Malware Analysis Report

2024-11-13 13:25

Sample ID 240613-gb8b2azdnm
Target a406b93d07f338a1cb8da35c985be98e_JaffaCakes118
SHA256 e46c17a1299b0c023f285222e87344f2107688668ff88eada0a9380ce3acb807
Tags
discovery
score
7/10

Analysis Overview

score
7/10

SHA256

e46c17a1299b0c023f285222e87344f2107688668ff88eada0a9380ce3acb807

Threat Level: Shows suspicious behavior

The file a406b93d07f338a1cb8da35c985be98e_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:38

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:38

Reported

2024-06-13 05:41

Platform

win7-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424419014" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CA2AB09-D7B8-4FF2-A367-C50B72306186}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CA2AB09-D7B8-4FF2-A367-C50B72306186} C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwos.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwos.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy) C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ea8be94aa1f659241f271be81c4ed37f77488fe83855906c744d482236059baf000000000e8000000002000020000000f9a267c3bd618847338384fb4d2578e929b65e69e64a724857230ae16b81d752200000009472a01e242e19feb66cc41924a1b824ad10065fe18a3e051ca4cead4b1e3be6400000006e8adc31334263f972615b90055821bdff6db1dafc00826edc3eabe50b64a1d421704f3f03769db0926c3bb4173281f3740def4a78262f8dd21ce086ee069de2 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0041e21654bdda01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CA2AB09-D7B8-4FF2-A367-C50B72306186}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CA2AB09-D7B8-4FF2-A367-C50B72306186}\URL = "http://search.searchwos.com/s?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EB84FD1-2947-11EF-B98D-FE0070C7CB2B} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchwos.com/?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1672 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1672 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1672 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1672 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2288 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2288 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2288 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2288 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1672 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1672 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1672 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1672 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2044 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2044 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2044 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2044 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchwos.com/?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network

Files

SHA1 ed8c30d982cdb489aa3b1583c6318ebcbee2a9e4
SHA256 c76af5e2ae45dba4716f0080786e4123d2877574ff215c4dc209df548382d746
SHA512 cbab43438765f80e3f2c4813126d692cf8dbe3df7590229746ea013e289739723c7a574aba284ddea08f76a3361886e019390d0da6d444620ec312cec45eb0ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 8d3e4379c82d965002b784e33fbab7bc
SHA1 68c1d07ad8cbecf43ed85b5540b62ee71ed7ab5f
SHA256 f4b9e0a554472c87256d865e549f885ac7a58cab591fe3fcb10de63818cc3395
SHA512 982cc13d13fa7dd0e4ae1f9a02b4950eaf8021fd9ddbd7134cb5147818429527563b947e0b0ad5723e498bb941f81ff2d76e4ab3c9ad71f896727e0177600d5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 858f8889d16062d610ec101db1718cb1
SHA1 6a23cc5251053dc3beb17401a08bc3a03c66c742
SHA256 ac76cbb96c065bddde7d44cb804223a1c812e1e247492931df7d65ed01a93756
SHA512 5ac71dded174a70b3fdf8e25621c0055cb2f67e349209448f23d6dac36a681b79f023431972def33a2fe6ee2edbbd77186c604835807f4f8ebcb44562baeba0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 22e3b6dad4128c8f1e2fddfec72c6276
SHA1 6fb72a1db0204d8ca4790b927f61af5ff5526f27
SHA256 ca86b84ec1e6cb6da86cfc985d0b0dc2ea164f1ab685f4609c3adc3e5d6fbc94
SHA512 7f50fb7d755626eaabf0a6a0fcda5460c4e283f029f734efb34633380861d8b96446b226b6fa58129123cd9ffa39b9242a0ac833992b202eab56e6c88f05a73f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 2732b78179cad0bfdb2b64c12b08e4ab
SHA1 3583bab6341ae5388f2f0e1fa4a20056a4698b1e
SHA256 ed1cb39ce3ed885052b9241962e48ae4584aa5b76eb8515c1f9f0d97423e9c1b
SHA512 e57c57d91f229fbba4bb509b2609d1cc0265429c1d62dee321d3bde519327e345975267cb21e76d101ac94250a1efed2d8c0f5eec6ddff67d43b58369646d499

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 cd509fc3003c320cb7893b8786ba6e7d
SHA1 1bbc4a1b174442d99b2750d0054f0b7ed2f715a4
SHA256 31a7f9ddb43ee8492a848be637ac1cee00e10c03db083516e1061717fc8975df
SHA512 25b7e12a6dfab5d4121ebc82bd84c13e69ddc4bc4fbbfef2056535e284b2269766929eec8aaae076502ff86d9f9ddd2a1472c24cbbc1d5f8e2d1a6d088b1dbd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 106cfda0b83ce194afb861eaaeef2130
SHA1 25ede9e773902e40d263d3344223143ac00cdde3
SHA256 c6c0daa8e03892b1b04152e1230ab3a8bc3d8bd184ae09abaf2a04fb9a31f446
SHA512 4aa3561077e1a65810733d8edf9d73c00250f1c0e91c69ee62a4f20053c183b21d5317431aecd553ab8cf63aa59b0000f9fda6f2ceea485ac355a3d220d954af

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\favicon[1].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

MD5 3bb84a86ca05f34ed446f03579e0d8c0
SHA1 6e13fb172bed749d36e5942da2c7b337a0df5a81
SHA256 59d65aca998f9a42f253a299814e8889d4efb1a3d9345985f84947f5d786e023
SHA512 c519f5ffd793fa5711c3d90584ccc23698c2a7e34a0fcea33bfb1038aa6b39a9782a2f7ed08bd9683101033abb11d7f073d11dcbe51e16f2c7ff97ef65f5f8ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e30534922aa5b62bc047f417612cc2e
SHA1 bc062eb410f0849c484c1109be7d9ccf4fac9516
SHA256 436e4ac89c6eb32614f88082cc3440c0b93b88240b325a6b61b87374846ddb56
SHA512 fcadf43ff203f1d9a4b81be173762727362417c0e1765c1879c87255377ad7a3439bf6312628335fc9ddc4f99479e63c032566f99005e499bf99d6e0d3545b69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 317e33e3bd7ac89e869f1fa8f96f4199
SHA1 76a2e21aaa8fda17b11c72dd0ca3c5e311aef37d
SHA256 cc0c48fad051229165dd10b497d1a08062e0b210a7822ce957b2c01d5fa5bfaa
SHA512 f42e9be8d31887ded5918c205f72447b8e3086a5b14c6691e72cd06842b1d8a674085bed3d2595e152a0d14d6fc66558fcad4c6d18c979682d295cd8d26b5123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb4c4ae1ba53ea566a994373d8591f57
SHA1 758daefeba03118491ffd9b3eb9cff761e880e65
SHA256 c8e2482d1c63f5f368e20dcda0db40e679995de93913914dd0ba49f57301ef7f
SHA512 fdaa0265697b72c385484637ce6e17a85f4780d5156adb936a2a1179f39419b41e70caa3fccc2a677781e9c6240d1d3ce63e25db3629898082d3c4c9ce5df858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f520ef7e15940c5acfcc04fb30dc98c4
SHA1 4e5534fa7acd4d8df21e87d1827233b6cee117d8
SHA256 02cd694f519c0ea53be2069bf997b170d891c62a086fad47f7e65964bcfe1295
SHA512 71f974adc838189f5effa000a4288f29ea016d801bff8d78b07cd0b77dc990e3d7231961f26c5ed6b749c83848aeed519b2b98d297cf5f69b86a2cc22bf20c9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96813ece724e8122fb29bf166647c1f9
SHA1 d2d4b60fdf0423274da3d396230c15cd82ce3d94
SHA256 8555c250a0ee1d28fc3e939ad4c62c1eba75aa38636336c22c0b23f6f9950726
SHA512 bb5ab127c9f841c8831d8dce4f85b36d3fc524821c1c91ba1d5efeb5bf1e1e154bc97fd81e4583cdc0e1a7fc57352c69aa21758b106b2bbaaa7ef96addc1d883

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88310153351295da5a3c1eb0cc2e8698
SHA1 7d90dc69f310dd2e2eb70b55f018248638af963f
SHA256 61bd45d4cbab00c22e0db4cb290d7f53b5bc100ef18f4cc38a938d5127ecc728
SHA512 e955c6e23f5d69e8416d7e1eff9a9aa0b25d1dc9f7e25e4ca9320c001ff919485681f5512718a7adf88864770db2f035f417c141d4c00b587026e83dd02256e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6910dcd9ade027b128c9870cbd7eb53c
SHA1 b9c7727d66266d732e0ca444e71fd8aaa755dd9f
SHA256 1a73d5bb29b082da3ae1390abc518e5ffd2f00c3f7d7a22d4a95c4c4c00a95d4
SHA512 c8120cfc15aaf7013f4ece37f9272e348e3f9db79ba252cd4df79bec01a84d683d1eab9a76a73d313f43b97181c13a896708d2637cc1bd1d697151a05eb12da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c52ea3dc2c73ae56b92eb41da7489c0f
SHA1 dcece3c0b2047aaa642743b337c1a95434d423bf
SHA256 92d26e59672193fe1b4f0291f5474054f012b42dd4dcfb8efdac5192981c77b9
SHA512 05af7248089787191b60b2d2dc3c9a649de38e14865d1499466a111b3de8d9679a55e632605fac69659c10d53e7cae4a906d186117516f572399c19e0a970aac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a00e5c3c53ffec9388bdca0923419276
SHA1 45da6a465891c192ed3033177b5c7cfa79474915
SHA256 f3b113bccaa3958f3f4fc4735110894da0a59b5a46bcbe4f941adb48d6d87701
SHA512 87101541542254c00c90c33a866e6a2d5c506a98dbe357a2a8daafc1b091cb30e68c095dd7cc0ceebe95319fd13a22e3aa8e801664218256e56d6a1fbd73a0a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 648a26ccfce7dd0c94153eb2a0cbca25
SHA1 ea1565e64d1dd09c9f5e4e72a4de4c6dcf13c558
SHA256 18e76cc19842c98cd4036ef8f35bd3d2db4d7b796fff7a7a632c728c47ef6005
SHA512 7bd2d677969e6806e54eb139a6c633f1fdd5e0a31a75632d35814727dd3e149696ece85b4f92bf04041c70656bd5d85f6c39e6d2da6651a70315c93438b98b39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84a8ab1f3fed2198c872889deff9db6e
SHA1 df0be1227728293b23ce6a26153da0da82d0e053
SHA256 770a10bae4d203971de7c37598f6e50d2d4848f423a093f98b7afd0d185b2b0e
SHA512 54d6eb337ac830514a35ccf34ac257f12dc9beeca2ea71cb0c63b74e9c821991730eb25df8a44409c8f2c0b534cb5adbec6e65c268853d94c2485ea689c15da5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3a32ee6ced623925716990690016547
SHA1 58e9bc1fbe06eb091416431eeda8a110447bbc47
SHA256 a094d55669501f40738bac328f22f3ce043005eec05533cfd89a2080958fd8a4
SHA512 dc404561a4522ec8c9e3d2288975fd877eb6a3f9f97ed6fa6ed0c7ce8b6b13f7d0de95203f9fba367b5b3ed2eb66d514249c30fdb1ed7763bcae5b9b92d703ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2314a0abe54149fa75eb86f2812b9463
SHA1 697bf5ea485138d77a1f64831b261a29c5bb6292
SHA256 02dbfffeb2aaecdd560bacdc898e7acfe4e7cd8571cd551956ac2950548e433f
SHA512 6470c9d6b12550a8d8d0b19891b2101bd6a6aabe1a401077f8c7fef62410873e8097382bf5bfd149c09dbbffc45d983997566e9be9f8b1c3e586dc7d2228837d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e28586a19114a9bcd746bb392552535
SHA1 9fbd89adbbc01a78336795d9abb693852a20d81d
SHA256 9233ace906a30befb0166ccc4e1636af68a497426564bdc8b7d5f2fb2ccb4777
SHA512 05913cd79cf60f11571c0fc8cc1bd8998c623f265bcfd3ba1c056a86ac188ee03693849c73a56fa77983e4397193ceafb81ab9ac642f895f134a14881dbfe587

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b0487383dd803934ee4af2369fe128d
SHA1 0ddcd218843643f75090dbec704e431520fc715a
SHA256 ea9f18efc872f9b29e5a00947a8e60696c75ef9b1bf1aabb4936c6fc3ae3650a
SHA512 07ecec083b1e19acec20d253cea73be8144b8ca61069417cb4afa9f0528c65f0f0632fde80bd802da9bb1dee5598074a5319768a1b8181ddcb545825a42f68e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a04623c58d6a2543990dd925aa48a9f
SHA1 1fbc0ec8baf8a109f770c0d708ec3cb5e96165d5
SHA256 39ce2294f59fb8c9f8be6d52cbc71eb77c08bfac3f93295e447becff95019c8b
SHA512 5b684d29c013a52e178e46b07a3ec8e5bea55b3807e1980653a96d0ebb02d44cce8d76d08dfda626d00fb81c42ab4ed973d0de0ad38b73c457ab1701f59bb105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aee09db21fcfc1e32738858f0c33af4d
SHA1 8769ce64645094b573c018fd1b78681d404de1af
SHA256 dc6ec99c933e35d6154c72ddbc435c0aa4abaf2aa75aad1ad304da6f0b84eb1b
SHA512 cf69b1558c625795e799f4f0ef17ea248ee724cfd71056cabb546068ff4224d4e6f356662cc21a2af8fe43a1998f265dc5d57b18874d9794825522b556191bfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1585162a3c6c88a6dcc8c8639c78c69
SHA1 840a4e3b3bcc5c8f9afc858fb4ab21c02d58a2d3
SHA256 479ab37f83c4bd3481cdfce4e654d0393eee7986874028afe60b577854dbcf58
SHA512 a62ed149f32af1c4b881ad23e1359c414d047398548e82b7bb571e886c47edf52c0b7197ec9bf1ba007d06b0a4345d92c5e374d4d79995334934f7289b504b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e72c269cdae14041835c4202e49ac38c
SHA1 efd037652ab1e8fb58661a934a20a71f48eca0fc
SHA256 51c0947297b5979e04ccc22b5d0c0b0860655b765977cc04c8c5ca77aac56bba
SHA512 a829b73441717961ac6fa2d9804220f0a8821a4f82eb03239da79404351a9dc350b5bfefe2afa7f4ea64184620bb208d8e1bcef6436f9b9e9cfd84420ab57f51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f22016caf3118d7cb7fed1e638c96ff5
SHA1 a50b79e77234826abfb995320956a746434c4980
SHA256 99c9ed6d96707f6715c34c3c54e70820881ff73a488c1dd9b59a49d7283874d6
SHA512 8db9201fa6b6af933e7177d22a36076cfbcd50552e138826f087e45d7d52ee82e5d7f977cadd8e82882eeed7d9fdd8565538a54a2212201647a7079e52787f12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c881cfd561cd69d7a4aeba3f587d3dac
SHA1 a99bd170b541ebcf15226c7571186228fec7e774
SHA256 ce7d9fdc2f5e6e2e4306ee6cfbc6cb3b9c19747724a6c46b29694f320c660c82
SHA512 853562c4dcfef30dcfbc40c78f3cde85d2027f522bf738f7c6294b34d91ff8511db081595ba185012066c8aae9dcc80fd7e85fc3542757ce6d4f147b4a70b249

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:38

Reported

2024-06-13 05:41

Platform

win10v2004-20240611-en

Max time kernel

92s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "292024173" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112532" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3D00C65C-2947-11EF-8383-C286237D7E72} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112532" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "294212184" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}\URL = "http://search.searchwos.com/s?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425022116" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1} C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112532" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "292024173" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchwos.com/?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchwos.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
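Worked example (added here; not part of the sandbox report): the rows above show the sample, not IEXPLORE.EXE, writing the IE SearchScopes URL, SuggestionsURL, DefaultScope and Start Page values, and the network table shows which of those hosts were then resolved and contacted once the browser was launched. The script below parses the flattened "Set value (str)" rows and the network table (both constructed inline from the rows above), extracts the hijack URLs with their tracking parameters, records which process wrote each key, and checks each host against the DNS and TCP rows. The row layout it assumes (Description, Indicator, Process, Target separated by spaces, value in double quotes) is taken from this page; the function names are this example's own.

```python
"""Correlate IE hijack registry writes with the detonation's network table.
Added example, not sandbox code. Row format assumed from the report above."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed excerpt of the "Modifies Internet Explorer settings/start page" rows.
SIGNATURE_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}\URL = "http://search.searchwos.com/s?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{83EFD17F-6BAE-4293-A1FE-9C2E5FB500A1}" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchwos.com/?source=bing-bb8&uid=5759b73b-ca6c-42a5-b718-6dedcb348741&uc=20180118&ap=appfocus63&i_id=tv__1.30" C:\Users\Admin\AppData\Local\Temp\a406b93d07f338a1cb8da35c985be98e_JaffaCakes118.exe N/A
"""

# Constructed excerpt of the Network table (Country, Destination, Domain, Proto).
NETWORK_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 search.searchwos.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# "Set value (str)" rows: key may contain spaces, value is double-quoted,
# process is a drive-letter path, target is the last whitespace-free token.
ROW_RE = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\.+?) = "(?P<value>[^"]*)" '
    r'(?P<process>[A-Za-z]:\\.+) (?P<target>\S+)$'
)

# IE value names that control where the browser navigates or searches.
HIJACK_LEAVES = {"Start Page", "Default_Page_URL", "Search Page", "URL", "SuggestionsURL"}


def parse_set_str_rows(text):
    """Return the parsed 'Set value (str)' rows; other row kinds are ignored."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def hijack_urls(rows):
    """Keep rows that write an http(s) URL into a navigation/search value."""
    out = []
    for r in rows:
        leaf = r["key"].rsplit("\\", 1)[-1]
        if leaf in HIJACK_LEAVES and r["value"].lower().startswith(("http://", "https://")):
            u = urlparse(r["value"])
            out.append({
                "key_leaf": leaf,
                "host": u.hostname,
                # first value of each query parameter (uid, source, ap ... are tracking ids)
                "params": {k: v[0] for k, v in parse_qs(u.query).items()},
                "process": r["process"].rsplit("\\", 1)[-1],
            })
    return out


def parse_network(text):
    """Parse the flattened network table into dicts; skips the header row."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        events.append({"country": country, "ip": ip, "port": int(port),
                       "domain": domain, "proto": proto})
    return events


def correlate(sig_text, net_text):
    """Map each hijack host to the keys set, the writing process, its query
    parameters, and whether the sandbox saw it resolved (DNS) and contacted (TCP)."""
    net = parse_network(net_text)
    resolved = {e["domain"] for e in net
                if e["port"] == 53 and e["proto"] == "udp"
                and not e["domain"].endswith(".in-addr.arpa")}  # drop reverse lookups
    connected = {e["domain"] for e in net if e["proto"] == "tcp"}
    report = {}
    for h in hijack_urls(parse_set_str_rows(sig_text)):
        entry = report.setdefault(h["host"], {
            "keys": [], "set_by": set(), "params": {},
            "resolved": h["host"] in resolved, "connected": h["host"] in connected})
        entry["keys"].append(h["key_leaf"])
        entry["set_by"].add(h["process"])
        entry["params"].update(h["params"])
    return report


if __name__ == "__main__":
    for host, info in correlate(SIGNATURE_ROWS, NETWORK_ROWS).items():
        print(f"{host}: keys={info['keys']} set_by={sorted(info['set_by'])} "
              f"resolved={info['resolved']} connected={info['connected']} "
              f"uid={info['params'].get('uid')}")
```

On the rows above this reports search.searchwos.com as written into both the search scope URL and Start Page by the sample itself, resolved over DNS but with no TCP session in the table, while ie.search.yahoo.com (the suggestions URL) was both resolved and contacted. The `uid`, `source` and `ap` parameters are the values to pivot on when hunting for other installs of the same hijacker.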

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
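Worked example (added here; not part of the sandbox report) for the Files lists of behavioral1 and behavioral2 above. Both lists are dominated by the same CryptnetUrlCache\MetaData path written many times with different hashes: that directory is the CryptoAPI cache for objects fetched over the network during certificate validation (CRL, OCSP and AIA responses), so those writes come from IEXPLORE.EXE validating TLS chains after the sample launched it, not from the sample dropping payloads. The script parses the path-plus-hash record layout used above, counts writes per path, buckets known browser and CryptoAPI cache locations as noise, and returns only the SHA256 values worth pivoting on. The excerpt is constructed from records on this page plus one clearly marked placeholder record so the non-noise path is exercised; the category labels and function names are this example's own.

```python
"""Triage a sandbox Files list: separate browser/CryptoAPI cache churn from
files worth pivoting on. Added example; record layout assumed from the report."""
import re

# Constructed excerpt: real records copied from the Files sections above, plus one
# PLACEHOLDER record (path and zero hashes invented) to show a non-noise hit.
FILES_EXCERPT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf7ff9c42a8d11da919bd788227f9ecc
SHA1 2c0a5abf4370992674c98b548b55f2c269dc1782
SHA256 5fc064131181235028315af2d8a8ce6f5687e3a7f743a9ac4cd74c948f89a69b
SHA512 2d579686e3473a50a628b78de44bea8e8f7ff81225e94b48642abef34f4af741fba3d9ed14b4d5959da2ccb0400f08c4219d165bbeff8618579b130909d1310b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RPLJMH1I.txt

MD5 2f3473b17916bdc6177cd849a98cc049
SHA1 5d15f28d62d84d1953652e49fa6e17de3be90f4d
SHA256 8f496fabb69e4aebe4b496585172701df03fa8d2f0f1adcf52be3fc543d6c3da
SHA512 c700b71a984f4eb00cddc1660fb6f7441b837f20fbe3397c5da683adf7c9c48da2f3aa3e9c7e4db01c0eb2729d2350ac70bc3cd7fe032ca833b6307386067f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e5e0c34e618075ba8daca7865a88b46
SHA1 edef51c7aeff48ed919ca00ca8826f57f26880d3
SHA256 84e93c25015a96caf9c77544e9bfd8b3071e9c1fa12ffd34fac720d0ad9550fc
SHA512 57e85d039aae54c09af050e134879a833074539d9dbb1398b45549d6f3e61f628d63ef3b071eeb3bc43e888c47bcca9dd431bf51647fed00b0dd89cb281cfbff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\favicon[1].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\PLACEHOLDER_dropped.dll

MD5 00000000000000000000000000000000
SHA256 0000000000000000000000000000000000000000000000000000000000000000
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Locations that IE / CryptoAPI write on their own; first match wins.
NOISE_CATEGORIES = (
    (r"\\Microsoft\\CryptnetUrlCache\\", "CryptoAPI URL cache (CRL/OCSP/AIA fetched during TLS validation)"),
    (r"\\INetCache\\|\\Temporary Internet Files\\", "IE/WinINet browser cache"),
    (r"\\Windows\\Cookies\\", "IE cookie jar"),
    (r"\\Internet Explorer\\imagestore\\", "IE favicon store"),
)


def parse_file_records(text):
    """One dict per record: {'path': ..., 'MD5': ..., 'SHA256': ...} in list order."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        elif PATH_RE.match(line):
            current = {"path": line}
            records.append(current)
    return records


def triage(text):
    """Group records by path, counting writes and distinct SHA256 values, and
    tag each path with a noise category where it matches a known cache location."""
    summary = {}
    for rec in parse_file_records(text):
        entry = summary.setdefault(rec["path"], {
            "writes": 0, "sha256": set(),
            "category": "uncategorised (inspect manually)", "noise": False})
        entry["writes"] += 1
        if "SHA256" in rec:
            entry["sha256"].add(rec["SHA256"])
        for pattern, label in NOISE_CATEGORIES:
            if re.search(pattern, rec["path"], re.IGNORECASE):
                entry["category"], entry["noise"] = label, True
                break
    return summary


def pivot_hashes(summary):
    """SHA256 values written outside the known cache locations, sorted."""
    return sorted(h for e in summary.values() if not e["noise"] for h in e["sha256"])


if __name__ == "__main__":
    s = triage(FILES_EXCERPT)
    for path, e in s.items():
        print(f"{e['writes']:>2}x  noise={e['noise']!s:<5} {e['category']}\n      {path}")
    print("pivot:", pivot_hashes(s))
```

Applied to the full lists above, every path lands in one of the four noise buckets, which is consistent with what the signatures show: the sample reconfigures IE and launches it, and the browser's own certificate checks and page loads account for the file writes. A path left uncategorised, or a cache path whose hash matches a known bad file, is the one to pull from the sandbox for a closer look.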