Malware Analysis Report

2025-01-18 00:42

Sample ID 240613-qvc5ns1cmb
Target a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118
SHA256 9828803767c7b5a493a52213a6eee20514f5d8fb90dd845cb80be8a39e2af6f3
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9828803767c7b5a493a52213a6eee20514f5d8fb90dd845cb80be8a39e2af6f3

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118.

Malicious Activity Summary
Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:34

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:34

Reported

2024-06-13 13:37

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5712 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5364 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4044 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5684 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5660 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5216 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:34

Reported

2024-06-13 13:37

Platform

win7-20240221-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ea0ca855840c042af44964c6d2dcb74000000000200000000001066000000010000200000005585c5111a35d9e8809335420a3eef7046b470c715d246f8b8c1a2199056c422000000000e8000000002000020000000259830cc39dba123eede4300d063795e265c95840758e7374a604848098d03ee200000008f8262a012313e0d1c56fe32a0d21712f54fba07e1691b91f217435f2513cdbc4000000006396fcda89466edf11b006abfd4705e0a43a6fc80157ada1ef77dafeb380d93558d18bb11d3bebfb86d5ba5193f4c306e3081fb5b1fc5e82c87b1e21d45e43b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b04f248396bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC863671-2989-11EF-822E-56D57A935C49} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = ... C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447543" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cfd18447cd8ce387096ebaec928a4c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2

Network


Files
