Malware Analysis Report

2024-10-10 12:04

Sample ID 240613-rxj7faxbnr
Target a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118
SHA256 0b3ba1c2a0c28cfc3051c03e00bc7a609914554e91eb5e21544b0705d9fc4e4f
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

0b3ba1c2a0c28cfc3051c03e00bc7a609914554e91eb5e21544b0705d9fc4e4f

Threat Level: Shows suspicious behavior (score 7/10)

The file a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118 shows suspicious behavior: it is an unsigned PE that rewrites Internet Explorer's start page and default search scope to point at search.yourpackagesnow.com, launches IE on that URL, and then removes itself with a cmd.exe delete loop that uses PING as a sleep.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Runs ping.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:34

Reported

2024-06-13 14:36

Platform

win7-20240221-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d82cdc9ebdda01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF} C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ec54c936f980442be4a5e424b156692000000000200000000001066000000010000200000000610c809d16aa22d7f4595f387ff8572fbdbdd68495f98f5bd94545f7f4f5b24000000000e8000000002000020000000f41e694564c1d6acbcf2f55b5e22750d96ffc9c93456b12935943125c2a43fcf20000000afd0cd2c7cb3392e6f5c8d4e0257aa2ef0e4d45991af0b787d123ddbd109da254000000053ba6583d5e4fa88c135e7e588445e82754e059666d02fc759f8675d2576cce8d66ef5aa6042407984a9afb5209a894d56c36ef15cae9b5fc3e51d6332362a74 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value elided] C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424451138" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05B9D6E1-2992-11EF-8FBA-CEEE273A2359} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
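The SearchScopes and Start Page rows above are the hijack itself: the sample, not iexplore.exe, writes a search URL and a start page on search.yourpackagesnow.com that carry a uid query parameter. The following is an added example (not part of the sandbox report or the sample) that parses "Set value" rows in this report's own row format, flags IE start-page and search-scope settings written by a process other than the browser or pointing at a host outside an allowlist, and pulls out the uid. The allowlist of approved search hosts, the treatment of uid as a per-install identifier, and the benign bing.com row with a made-up GUID are assumptions; the other sample rows are copied from the table above.

```python
"""Added example: pull browser-hijack settings and the attacker's tracking id out of
registry 'Set value' rows in the format this report uses."""
import re
from urllib.parse import urlsplit, parse_qs

# One report row: Set value (<type>) <key path> = "<data>" <writing process> <target>
# Only quoted (str/int) data is matched; 'Set value (data)' hex blobs and 'Key created' rows are skipped.
ROW_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\.*?) = "(?P<data>[^"]*)" '
    r'(?P<proc>[A-Za-z]:\\.*?) N/A$'
)

# IE settings that decide where the user is sent: the start page and each search scope's URLs.
WATCHED_SETTINGS = (
    re.compile(r'\\Internet Explorer\\Main\\Start Page$', re.IGNORECASE),
    re.compile(r'\\Internet Explorer\\SearchScopes\\\{[^\\}]+\}\\(URL|SuggestionsURL)$', re.IGNORECASE),
)

# Assumption: an analyst-maintained allowlist of search hosts a browser may legitimately point at.
APPROVED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "ie.search.yahoo.com", "search.yahoo.com"}


def find_browser_hijack(rows, approved_hosts=APPROVED_SEARCH_HOSTS):
    """Return a finding for every watched setting that was written by something other than
    iexplore.exe or that points at a host outside the allowlist."""
    findings = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m or not any(p.search(m.group("key")) for p in WATCHED_SETTINGS):
            continue
        writer = m.group("proc").rsplit("\\", 1)[-1].lower()
        url = urlsplit(m.group("data"))
        host = (url.hostname or "").lower()
        reasons = []
        if writer != "iexplore.exe":
            reasons.append(f"written by {writer}, not the browser")
        if host and host not in approved_hosts:
            reasons.append(f"points at unapproved host {host}")
        if not reasons:
            continue
        findings.append({
            "setting": m.group("key").split("\\Internet Explorer\\", 1)[1],
            "host": host,
            "writer": writer,
            # 'uid' looks like a per-install identifier; an assumption worth pivoting on, not a proven fact.
            "uid": parse_qs(url.query).get("uid", [None])[0],
            "reasons": reasons,
        })
    return findings


# Rows copied from this report's behavioral1 registry table, plus one constructed benign row
# (a search scope written by iexplore.exe itself that points at bing; the GUID is made up).
SAMPLE_ROWS = r'''
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516A5A76-DC53-4511-95E4-6B365CACCCCF}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}\URL = "https://www.bing.com/search?q={searchTerms}" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
'''.strip().splitlines()

if __name__ == "__main__":
    for f in find_browser_hijack(SAMPLE_ROWS):
        print(f)
```

Note that the SuggestionsURL row is flagged even though ie.search.yahoo.com is on the allowlist: the writer check is what separates IE's own housekeeping writes (the dozens of IEXPLORE.EXE rows in the table) from a third-party process rewriting browser settings, and it holds up when the attacker points a scope at a legitimate host.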

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1876 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1876 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1876 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1876 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2388 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2388 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2388 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2388 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1876 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1876 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1876 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1876 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2132 wrote to memory of 272 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2132 wrote to memory of 272 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2132 wrote to memory of 272 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2132 wrote to memory of 272 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.yourpackagesnow.com/?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000
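The cmd.exe command line above is the "Deletes itself" and "Runs ping.exe" signatures in one: a FOR /L loop retries del on the sample's own path up to ten times, PING 1.1.1.1 -n 1 -w 1000 is used as a one-second sleep so the delete can succeed once the parent exits, and IF NOT EXIST ... EXIT ends the loop. The following is an added example (not part of the sandbox report or the sample) of detection logic for that pattern over process-creation records, run on constructed events modelled on this report's process tree. The explorer.exe parent of the sample, the benign one-shot del at the end, and the Sysmon-style record shape are assumptions.

```python
"""Added example: flag the cmd.exe self-deletion loop from this report in process-creation telemetry."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon EID 1 / Security 4688 style)."""
    pid: int
    ppid: int
    image: str          # full path of the new process
    cmdline: str        # full command line
    parent_image: str   # full path of the parent process


# The loop has four fixed parts: a FOR /L counter, del of a quoted path, PING used as a
# sleep (-n 1 -w <ms>), and an IF NOT EXIST <same path> EXIT guard. The backreference
# ties the guard to the same path that is being deleted.
SELF_DELETE_RE = re.compile(
    r'FOR\s+/L\s+%\w+\s+IN\s*\([^)]*\)\s+DO\s+del\s+(?:/\w+\s+)*"(?P<target>[^"]+)"'
    r'.*?\bPING\s+\S+\s+-n\s+\d+'
    r'.*?IF\s+NOT\s+EXIST\s+"(?P=target)"\s+EXIT',
    re.IGNORECASE | re.DOTALL,
)


def detect_self_delete(events):
    """Return one finding per cmd.exe whose command line is the delete/ping/exit loop.

    Confidence is 'high' when the deleted path is the parent's own image (the parent is
    erasing itself), 'medium' when the loop targets some other file.
    """
    findings = []
    for ev in events:
        if not ev.image.lower().endswith("\\cmd.exe"):
            continue
        m = SELF_DELETE_RE.search(ev.cmdline)
        if not m:
            continue
        target = m.group("target")
        findings.append({
            "pid": ev.pid,
            "ppid": ev.ppid,
            "target": target,
            "confidence": "high" if target.lower() == ev.parent_image.lower() else "medium",
        })
    return findings


# Constructed sample events, modelled on the process tree in this report (PIDs 1876 -> 2132 -> 272).
# The explorer.exe parent of the sample and the benign cmd.exe at the end are assumptions.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    ProcEvent(1876, 1000, SAMPLE_EXE, f'"{SAMPLE_EXE}"', r"C:\Windows\explorer.exe"),
    ProcEvent(2132, 1876, r"C:\Windows\SysWOW64\cmd.exe",
              rf'"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "{SAMPLE_EXE}" >> NUL'
              rf' & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "{SAMPLE_EXE}" EXIT',
              SAMPLE_EXE),
    ProcEvent(272, 2132, r"C:\Windows\SysWOW64\PING.EXE", "PING 1.1.1.1 -n 1 -w 1000",
              r"C:\Windows\SysWOW64\cmd.exe"),
    # Ordinary one-shot delete from a shell: no loop, no ping, must not fire.
    ProcEvent(3001, 1000, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c del /F "C:\Users\Admin\AppData\Local\Temp\build.log"',
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for f in detect_self_delete(SAMPLE_EVENTS):
        print(f)
```

Keying the high-confidence verdict on parent image equals deleted path is what keeps this from firing on installers and updaters that clean up other files with a similar loop; the PING-as-sleep alone is too common in batch scripts to alert on by itself.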

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 8.8.8.8:53 d3ff8olul1r3ot.cloudfront.net udp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 35.171.205.180:80 search.yourpackagesnow.com tcp
US 3.164.160.59:443 d3ff8olul1r3ot.cloudfront.net tcp
US 3.164.160.59:443 d3ff8olul1r3ot.cloudfront.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 imp.onesearch.org udp
US 8.8.8.8:53 dap2y8k6nefku.cloudfront.net udp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:80 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.180:443 dap2y8k6nefku.cloudfront.net tcp
US 8.8.8.8:53 api.openweathermap.org udp
US 8.8.8.8:53 internal_tiles.tiles.ampfeed.com udp
US 8.8.8.8:53 internal_banner.tiles.ampfeed.com udp
NL 188.166.16.132:443 api.openweathermap.org tcp
NL 188.166.16.132:443 api.openweathermap.org tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 8.8.8.8:53 imp.mt48.net udp
US 8.8.8.8:53 cdn.45tu1c0.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 8.8.8.8:53 openweathermap.org udp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 imp.yourpackagesnow.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

The CryptnetUrlCache\Content and CryptnetUrlCache\MetaData entries below are Windows' certificate revocation (CRL/OCSP) download cache, filled as Internet Explorer browsed the TLS sites in the Network table (see the ocsp.r2m01.amazontrust.com requests); they are by-products of the browsing session, not files dropped by the sample. The remaining entries are Tar1655.tmp in the user's Temp directory and js[1].js in the IE browser cache.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1655.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d07ebb375df1a9205a308920e6e8b664
SHA1 16c0261799235ec3ab3b477d9254a2f94597a8fb
SHA256 7bcf1411cd04e1a4cdaba3e79d994b4573902b8c01ce6a69dee06dd43830d23c
SHA512 b0f7b2e5ffd4e6eff23d08891dac2b51a00f5a0e25dfc32c294871989560bc9b7bd7816a7f73269391c49420fc8b687cad948a6d8e1a12ed855a866992670548

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bbd0b15ee7964fe9f832c4f2120477a2
SHA1 a8a83626add92829f1d5325ae1c5d91dd4ca2577
SHA256 9675cca029064ebcd581f7b10d18e21048cd9f22e4b862198679796af4546b0b
SHA512 be817394726ecd1cd676f0d5e1ebe14b12e1971bd729429f9a92ebf77a9ddc7629a474ce387bc2ab2e8a95546d80b68d2401046ffa3ce585707160128fb759ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 700138c1721a5dc967a11bc38a3f2ffa
SHA1 63f80d3fb6be2ace1943efd499156321a2bd69d7
SHA256 970c5f651c4840a55ca5ccf1fec4a92053d7ee20acd6ffd3a1abd9a8200f1eb7
SHA512 9754dd26ed3397275e31ca1317fd14b884396ef8a64978665bdf28d830c020188dd88b88d3f7b733c653c5d99ecef6c200acba442e010fc0bc2ebdd60e25f2cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7153fa948083565ee9688427f02e7ba1
SHA1 e71c897c22a8ac1a851b83cc88897f50aaa0bf93
SHA256 85e95d70b8be3c0a684a06b155d83e4f79042eff11ec8f5d33f14279e2e3b8e9
SHA512 f14ebc963dd0c5bfb4c8f6b3f8758a9b1e11ff6867e12479e3d53a1a4d23f548996280d28cc8450172f3d4da5e3cff48ec4fdefe3c58ee60f0f511a362176466

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88b3c092e37db5fbaf0d8fd0851b1590
SHA1 a0d127025fbb10d6592f8d8823bd696ca0ebbe21
SHA256 8eae5a6e4587b42e0157366875d0654a82f60ad72f181b6d253c6a56c5b89689
SHA512 fff925673bf5a7ee0793e8e3f9b2e9165002d4f7a3571efe0e33fb54ad70cec8e330df55ebff56b053b5f379c9ad04b8c47d6f57861d555fc0cefab776e63b6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 217939e271b8fcf5e23702c78698f94b
SHA1 723399775ebe16d1c1fbf1a6df9b0e401f7a655f
SHA256 3839ddac8305365ab833f2700fa56e3f4565b84b739b7c575e85f37f3c561633
SHA512 14254972926e40b7b625b3d4eb12274a76dfce1e767c6eee79964d93b60695b87fe7af726a4694a36d76a966e97f2fbcdd8144e1e0161ee782fbdb530a156f57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56474cba7e58876f0a36cdfc211eeebf
SHA1 299d6f131b14af3ab8b44cecef6f785c72f8e5f7
SHA256 ee8f866c58c7171a5b554ac700302e6016afb276f9e79c1fb8e08d837c2e0bad
SHA512 5c634d63405115b200a90ff909b76a0c1b89952fc62549feed15693026bead75f1d69aa9a348b326bd7833a395414b52b54aa08845abfba00798b3600f47f410

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfe583cd1a95fcfdfd66bec96a3548ab
SHA1 2af3569ebd560540e816aecd3909d6998b0af245
SHA256 43e18c94067065cc15dc4e69485e383c078b655cb7c2e48e2a49673fd2709942
SHA512 bf33a90454f136aa5f063f79f64c6b9b7e367f9af4fb4923ba2ca8f6eeb0cd6fe1436d9194a65343810dbd3af5b250ecb0f2b11128844d113982983e4349e38b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14d6ca222b186403a70c08b92c269a74
SHA1 ce69e8ae913fa1fc0bdcf2adefb469c200acb717
SHA256 a514ef1c1de9053803ae13a351eab22a4e2b514576a5f1a1530ec130aeea0ac6
SHA512 511516c7febc8fe088d172ec43cf60fe581a115f607ad2ea4862af2ccebe019db3155ae5965485a1a5c557cb8d6669f2f6a2039b42866e9674581778ac61a4f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\js[1].js

MD5 9d8f2ff1619798445f4a027b48f89561
SHA1 967b892bcad5da5e5aafb943e70a7841bd3eee69
SHA256 4d3ea71a0427fb3d2ddf6af952dbc5955292c3e5451f60d14c85b2b7da69f608
SHA512 d7757b8eba918afbba2db72197904640c28c03b6655bfe16c26d08dd2e33133bf73ba815391f14cc7cfa4a4a64f565dcc9bb4e12929be0827e91fd0a1acca5c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d77f183d2f44ec5ab7bbf3cc93a61125
SHA1 28a9e1241cb8c135d9c4275e496a0db934025c66
SHA256 002c1e548675ca76e79b0c67a1aad24f416db95cbaa1d0a0378125ef86980faf
SHA512 4095893d3101bd9a1a1ea1bbab360dab348677cfd2ae692eb02cbbb3cb1924f13d7538d715a0a28d6473211918c47dfb4bd2a88e6883635e1b9722fc0b1bd3bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a0c6c14c948e8e3066fc75152b720f3
SHA1 b4e9405c8d2896d4ceaeb9e8ad0ef108e4cdef01
SHA256 e8f7118538812985347af76573477de230cece5bfe3439ee9043896e8351dc12
SHA512 7f5b55212a713c066dc85f60fa1309fa76543c15deffda712c28ace1abec945c0a84674b73affb17d6f97cbcb839692185401c75d8b10d3d03bf61a99727867e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07b6d00e483d1f162ea3a61eb98d8a8a
SHA1 e153f7ca7779858c23bfe1500103ec809b978293
SHA256 5b1c491740c9d619585e0060d6de3b63302d3fb525c624f85b7cbde62a0fb0e3
SHA512 19abf21cfc684b256016343969b55ff0d3573c27770c96439d000502a7b53b73b726f4950c8cd7c386a9596c7ffef2ecc47a7a473a381a3858f492f894a6cf4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5e30a3929a50459ee11568f3f059a21
SHA1 300434317a0b1770b724cf2a3f4d5414025b073e
SHA256 f89b40ef4e5a80a5da884d3feec37754db5ae974397ef5adbfe65fd20673e225
SHA512 c9dc029cfab391e087106805d6b00877888dacac0819976a738657f0311598e52de395b95d7ff13b48dc9cb032d7db2d9304f671c102b472f460d9e32c7017ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4e0045651f5c0a6f6d26e888d88af73
SHA1 b57ab0b220ce78cd96ea9d2b388cedbe944b6eb4
SHA256 d4c57c7076c7f938ba12bfc275214e4930b5bd8e2144d47b72c8d7b41f4da107
SHA512 8744db07d66cce4b56c00f4c0fd8cdce543be699aaff0c31b98151aca2ae4b236264a3798edfe87b83ceddaab899e0991cf74efe849514b1c0fc07dd26a93716

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786

MD5 406ff5b00af383f2710debf296d30d7d
SHA1 7f9bcb2ef416f9e14369a8ad84114d2f1bcbfba5
SHA256 3e801c744919b9ccf7449e723996ff3c0fdbb0e4b01643c8d24986957f95795b
SHA512 01ea91919fa7da0d2256ece27e244d077a37159ae9ced534cce96df8e8ae08f9dd7a15381a01187ca35642466f65da1416fbd64a8ba312041b0cd2c2048bd989

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 decdabf99f059965c293fbb81cef50db
SHA1 dce451a15669c1110e3b568d56e961971afc92ec
SHA256 89a3f868abb3f9606786244855e769df3debb9a51d8eb7109ec008e91316c280
SHA512 efa1da746b78d243fb1da5fc5f2053983d17c70280fc94629f768a6c6dc97d375dcbd795f65d2e2261e0cc4a1a4150e0b17a2f840118678ba051e0dbb82e204f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 7ba7d44b32f4669c1aca73d78411bc9d
SHA1 9d6d5624bc4d45f721c151417e648fa2abfd6d88
SHA256 b08579c0b269462d1ad7bdae6085b5c68468dc9dc154fe68db84863e6a89a4d1
SHA512 e52a22327e8db61981b7cdf6bf3c1d838cbb01b1fc55f6e6fd6b9c695f2291b8602d7f9f7765e9cac6943c6a048a10156e65af03cebe3f1bc8fe936ceeade09a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434a7ee490db4929abae9059bc5fbe6b
SHA1 037cd84a788f08eb3ea03bb521625624c900fc82
SHA256 b2f998ddc3a750db336eb744b6a550981404228ce6f0279d4dc625e2dcba5d56
SHA512 d94bf041c521a89a1b2321cc19ad46018b5841736d5f970aa5d2136870f2c3f1f5c38a27db3af2ea84e1df1841e67f7ff700c6162bdf0eba5e88bfa8090f1566

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04592cf494ab030fb8466515b7565ca4
SHA1 52b16f8378ef0e83a47a93c315829241104dbabe
SHA256 63b8802c4ecf668ae4d91bc70e574ada3224812c4b0d70517816981e5dcc0193
SHA512 51762e1b736f43cfb91494f45c11920463f16f4a47a0e3e29c971525045c92a935f5258ed4fe08a0d1b1c90ea064487286d574de2e374837a97eaeba3b208907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 9961b60f96eb6ef7cbeccea3496aaed3
SHA1 65cca4219d22c0be50acebab65289f087031ee69
SHA256 1d65e34d0bc93ce349e9a27eb2dd9bdfc6d00fdea3496512f0fb7e79e784263b
SHA512 855a0799af1d72aae96a323a2ed75ec367fe977a490a14aa1bbe2b6164b7be0a0c9708617698f00aa6f9048dd660f721837efb5782d955a7ff378fe8c08215f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 2bf75edbb2bd681f86547e580213c4aa
SHA1 5fb2a38c42c6a05954c5f04ffb5f57214488a56e
SHA256 4462c6982ff0e2bcd94ef419cbb79732826c20e4e0c8c6c1d193e654957b9dd5
SHA512 b1b049f79685e9b534e667249a44a7d55c669d460fc087a2b22d9cf48d60084d1b942870e26f09b7b85fad879974b931c9db105b88642ddf6951547ff4905a24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a76f849f32c682c47f994f486961f4a
SHA1 d109d133d13169734ce7115441b5887036e5ed82
SHA256 425b47eeb982bf5ea1caf7b8f877d2fd07fcd3edb8266ae7f50e6609b71d1b0d
SHA512 8ecbff85e204726c9a68dbd459cec368f830687cbdcc48b84200ec9b158e394f46c920e52fcf777b121658ca963584892f8daa9031bb73701cc38f951a8c6b69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1f66162da1c87d3490fe0e9435028bc
SHA1 f67a4ae87e4b0ed8e20225396ec8ce20f68c7405
SHA256 07a15323c3de739ad76c5b2294b8e9a128238a312462485301cf476722aa62ab
SHA512 ab0a15fea48427c3ee6d6fe892af9e44f94a16407e9730a975be02d50cd3c0ebc5507af42e3ebb0879387b5976fe53bd623d4b6a79989594de9cb097038db9ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0cd668c931b453ff2f9d085600e456d
SHA1 9647445da1b61e26e5233c73e6fb24fdb660ddb6
SHA256 b4ec9b8c115c1b5417b7a50442f56c61c53a88c6e46c91b59ac136a0567e6539
SHA512 d41f5f73596c82596f48add6ccf7b33e2987c3f15dae2fdc6c3dafbe25cb34e4b72047cea3c73f4a379c37e02199048d3b0ddfeb82c51cfe0e24d55b31ea91d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 55649041630b31c4d2007af910a90549
SHA1 eb9b151f2fe5d59eb09eff22526c5b92c8ad0233
SHA256 1fb5676d5ac49d924f84bae6eb78d7fbe3abf293ee2d0008e9c8830d921f1eba
SHA512 fcba3d087a41d2f76f5ebfa69c47689e2d280cc1414bebbd36c8f3a7c10fcf3510fec23829bccb1239993cedd1a3fd0aa98b3aaa09ff99d6227e56fe2ce283ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 0e747431a0a0e5b4b512a20364a54ec0
SHA1 ece31c69c7adae831dd82ce65d34affc6805e0bb
SHA256 5b7ec9afa8be218c8fb6abe5ec50e7e220e899837a61f62f8a971d4799f81559
SHA512 6afc3ca8a262746de9211ee98fee82ba1574b2d799205245df9083bb96e48b1342ba835a37a15b1d219f5830c4cf3257c18646cda476a0e527eab60fc2211f20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 f50ed5346120a2393009c8eacd2470f4
SHA1 f99c3bff983783edef3519e839eb12e44ddc0fe8
SHA256 3a585e04248841a921708b871f5df037ac658ab395671ebc0144f69c8ef6c7eb
SHA512 daeac3bc5409e546b849182316aeafbc344c792b7681c26aaa65f0bba6d55524e1d50fbfb8d308cd62432afda34b9b1c24cd2133404d49c54dcb91d670e894cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 86ec2bae3f0e0e8f01ce28f2b8d4f14c
SHA1 b7a18f21bfe3a5069a0ddfb11a8d4b9b342e87f7
SHA256 a86f43070206723685c87350eb6741c619d2f0ae4e6b6450d398dadfa053e810
SHA512 972514ead67c7e71ce89312a796ca483749beaf56e3e12f8297e598335e4d54203a88243560be8f512cc9b750c5593d8e9143e49eb5d9c7b6b7a6edd02bc60fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 d7f0901470ce156bee4d127516c2b5e8
SHA1 48dc4ed7695e2e439a777a098fce7729d4bee56b
SHA256 4784a9bb34b6c92e422fdaba9485f1bf6dc50525e6b9bffd421bbe58ba5a9bd4
SHA512 e1446994b027f90dc6c18388583282b9251e0cc049959f4004b122330455d8d6951202b03f787b9dae7110f13ce23818be8e5db5075dfd8a73898cde99727d2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 1966d3074c397439e66e0a6afa09a5ba
SHA1 ae0f4d8c45aa7aed3d2911f06c014405e0eca2b5
SHA256 c5246d05846f7f4049a21cd4585a1670d855f317a3262cd7a69ca93f93d2f6ef
SHA512 ae686990c46677d1b278fc33be669a718a243a3a5906e2598c7115b25d24277317ef98187a9a1c45b21dc874ec5f46026e629d76ce430496457aa8cd777d6825

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 106cfda0b83ce194afb861eaaeef2130
SHA1 25ede9e773902e40d263d3344223143ac00cdde3
SHA256 c6c0daa8e03892b1b04152e1230ab3a8bc3d8bd184ae09abaf2a04fb9a31f446
SHA512 4aa3561077e1a65810733d8edf9d73c00250f1c0e91c69ee62a4f20053c183b21d5317431aecd553ab8cf63aa59b0000f9fda6f2ceea485ac355a3d220d954af

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

MD5 687fd8f0e555b58581b3ea578d60c0ef
SHA1 59fe2cea0af0100d36adc94cb0344bd6435033c5
SHA256 7f50da0ecd1719db9d9e5c844ed6c40b460dc290bffb6cdaee01efeca8b2d17f
SHA512 b4a8ee29ee898762ff029fb0816dd7f7c050050b3480f8e82fa74eeeab118c024abeec43d3a9c242559e088939b2c23ee94e68cc5d587860b856cea335de824b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Z8MSOOB3.txt

MD5 eedfd8aaf72cb5bec09c78823499d0e0
SHA1 52c4a43c0baa82e2af5810b762823c5333ef6c8a
SHA256 320fb5d85cb138f27aa1adc3e2e2f67f999df850ab82e5b046320232c174ff4b
SHA512 8d63947e358ec733ac93e5c770aef4f625dbd80f27c09a7409bc5204d8170d91eae5716ea1f3ec175c15ee48a31e5561711eceadc635847408ee82a1ecdc3509

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df2ba5f37147d78b9323c6bb77ad01b2
SHA1 3d520d0111e4543b98fb75034a9c7f9ce4a48f3b
SHA256 e18cccbe4afe870ee02a4145e977fde26de7d9f93a3e7fab764cfe4413dbcfd9
SHA512 0615cd1ad5f30a5cc71591f86b2d9823ede230f548c13c89c9b22942c2b5ce10e4c576c854a2cf8d58d522ac2293ffba252895fbbae3c571b84da10eb5e57154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9578195f31836dfeeefbbdc7bbe5cbd
SHA1 ae4db114f8bfd684a126b3f62a7ba8db9699ed17
SHA256 d4a8d129dd9ecf796d3f42e424dc035b495b74f47e430a3740e30591c9933180
SHA512 1275e441968126c0010605ca40ab6955de0f2fce3c234f7ae93e349dc4e6009936c1b03d8683355e65432708f5b3a0f9b8e13ad8b031225497b0ecca24b92ea2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c1387648a06c021600745fcbd852681
SHA1 f3e1f42fa72c1e5068f361340f9e9cb3e58a3a86
SHA256 62328bf2e3eae4fc3870236bec386027f219d2c332e494e89e902ab5e72dfe4d
SHA512 26560fe285a1bd0eb6c0047fd9ce36e658138dd30461976083583bd83501e839ff2b81c3401c8bb5f1078886995d51d557e3b7d661f55effa150d453454f5f42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee416086a0faa2609450ba04d26de33d
SHA1 8b70ed7b8763ff279b63b184ea9bd2de8c6bd28b
SHA256 b81ed380796a8ed9d65658b70d7b63642e6b96da1217221a878f97b6c1dc1d3c
SHA512 ef9afdf0e5e9a5e58304fcd39c5a8dfb0f2e5b5bd2fb99c43f3263a2d6ef4419e1b14e081734f253ad569aa381e404d643369e96b4cd038a8aab9cbb08659a3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46fd46e69ba4b1d904080952018be2cb
SHA1 63a1baa3f017ae8dc2b5cd12efb845930df2bdbe
SHA256 95da2dd435b373036c85717dddabfbd9aa4d26871e40dd2cf7748025142d944b
SHA512 f9e211288f993af7f9cae74e22d675df26efe3a466f2e355b631b44545086cdd8283172d8941c7ef8a5419751c54c5521f773c9c9291937498da06af791055ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 694213c7bedaec0c4b7a9eb40669a64a
SHA1 26ca3ad3b1babe1d02be2feaa1aa19c56f451f1a
SHA256 96328fb603852a2f3fe1840cf1d9594295ccf2c4726d78c675f47aa1ba463f61
SHA512 c00bd08a8aabe713fcd93666dd5831af12260721d9bfbe7e58df48c58d341ca135ad9b105643ed1557fc520d2574192460e5a1f3c12babb674a5234956eb881f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 466c0458e7b5392bfc70780e88b6bb3e
SHA1 3209c7ed328834a5c662335be624bae5b24b443e
SHA256 f218afcd4b8ef46d27791186fd61bd500e1d4b961f79d48f619eacffda6cb879
SHA512 a4ef2eb36f963329304201d5ccd30db24272b4dd00358ad83f4dc62eb6b11d2d8589d95b83c0d9748d039237eaf04e4d2870d303f1eb4ffb35bcd693a32da420

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78817cf6be7b80338d2c11f2b247bdb1
SHA1 ca8ffc9ae6a3f16f59663acde6f03ca73f01c2ae
SHA256 865206cdfb1ca9caa878b85a4ffd70cb3734669720e6ae248c7661244285d543
SHA512 5afb69d6d78e5978158a47784b28e954f4241eff94be8747ced93d808ffcbd2e8cda38986dcb105502f7722d4233bab2e516e9e7a39e243745ff2b635dd3af63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91451d52a8881285e5cefbd063198d5a
SHA1 a6a28bdce76745d80e52cb93554265ca54b80b04
SHA256 d047d1ccf29afe7ed24a83d21c7129b4223cf6d47e55881a25e954e10ca547d0
SHA512 8fcd751f1dd8e583dfb5e4f38ed88041ad8d22b8f0db6c21bc5935cc24319fc31706f5a676f8048d0e7707f72e59faa0e6b2488fbbd9b821fc069f13a1833f5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d12dedd18f84c3a13ccf88f1e42271
SHA1 043242fbe34229051e845059db9e6ea2fef7c3e8
SHA256 f08aa2d451b6c88a271b7a7d2fae9547aa42786ede0ba4720ef0751ab7abf1d5
SHA512 2d164966322c024a85aa118e6a5213372863138981bed88c991d6cc99cd66c893034666e790c780a3d87fb5bf4c6708c95ca52a4b0ddbd11e1297cfe8a7a3bc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94e0a9df6913fc88488a7439bd3760e6
SHA1 93bbaa06de7df9463b7414fbd0861ca4cc4cde58
SHA256 145a9daeca9ca122678d92b8fee16030988f0ec49c19eae6aff65abf70c810ce
SHA512 c6a895342cf5f3ab299748ea375a6b1cd5d1810303fda3af5ad2749cae36f790fe39c36199b0023fc1d9b068af93eea086ac0fd7170b9f127b2101d2d05b8468

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a998c46286905677e806172a8395649d
SHA1 2423b91cbcbd4fc74ef956ed520b1ce9df01d918
SHA256 a66b62420cbad23bcea64aa5ea90e6cba2f46515212e9daf5833ead879c024a1
SHA512 fe898c3f8b98f2e230b70a92f6a5f827e5b846b26e2ca95f869c73ea081983a46a4d41b5b43fd13a5ed4e69971989787611c8b175cd359f53bf7068dfc31a5e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9097884b59e8d3f552fca0d64bbf67c
SHA1 c46861affce2723d238123c05ef88a0af7426ddb
SHA256 f79edcd5f3b0f7b6ad0f7657947e1e5a135cda80907f19048b7a96c569b47b95
SHA512 6ffea5da2767119f334502c87f3f88ae4a441588bca2fb1deffad4fc03381d7cd0d75b79c9ec854ba60ce0089df523e805b05981512abc9c849eb5c217570840

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18558c126088e9c3cd622ce7812db0fa
SHA1 d145f5c939a8a16bf66e3c807945dabdb503091e
SHA256 e29b210a303ac0a28c3eeb2aa1844c66b3c3260e4bc0bb5be15ef0b160709f23
SHA512 59c1788a13145f0190f7907bd9d12d3429a902dcbb7140faa5adc8d0af9a51730a570aaa071062573b416e6d91c9388385441bac150bf0643383374d93c5a185

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6bc8c51fc6bd0c339f7dd3e77ea4c34
SHA1 a695acaaf778fe37a23cb38d1a5691e2083600f4
SHA256 e654c762fc8e7c5fe2792fd648ede9c35939c3aab595bccf86e147c88d39ac1b
SHA512 291e7ea1b04fc8f9d59148435f04f4b08b5b7826af24eabdddf9b844ea8933b7b4a16510b792a2c34095999f7fe9079bd800957a181cbc9afff7645c847e25b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 546a7f74a72348759c72cf94891d20e3
SHA1 48874f17a7f6814093ec99fba1175841268da2f2
SHA256 d4f78ece6d25c3e3a04b254a5e36c1a17e0782c3df16423c23cb12e7a6cc17e6
SHA512 6e465f9786dd5a442a4acee0c69e2f1a63e128de66975b41f9e7aae727295a1523e3a4a71e3343870075f1a4b39ea502365299f5d469949f6620312d1b3df12c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a416a4334cf2f57b5041c9c66661839
SHA1 b0c11dccf1f7281d5690c392506e06025901e000
SHA256 9b1153a92e0c4f23e5367e15c674d470f52ad12e05dc0fadab449f75d3ff514f
SHA512 6ed76919bc66164bc5c8547739ba9ed60c21b6fee5705180bd4e3db3baf8b15cd4ded51af133e86a782e444db58455ce6a3e7e08799cccee5451d2ed01d69881

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1809ba9e4aac17354bdbea5eae0b7c8
SHA1 b6f54b5c40403926ee0961c1abba45ad7d24e1c7
SHA256 4343464d64a2007c6cc09deb475e2f49fdb9234245ed9570dfa70c4634672399
SHA512 784ac767ded5dbf17758444a0344e2b0f721d9a5f628cd216a4b0780d406b59a4505e9d97530eb80d05337fd836a35c5082b13f8880c49ae4bcf1b9fe3be1c15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6982adc388cd013483ff6d4d79e3f0a8
SHA1 28f8a58b00656a3d15f2751928635b28aa112081
SHA256 caa426feb674069d2bb9ec3bf199c5ba99828d6a94c8099a53e8044cc00c9dd9
SHA512 546b221b16074f9d676df660e9b167c389956e3a2f800c33b06e01313985d3bd6c873484563c335b49f8158e1be62373ceb5680bb9e450c41a6f448ed4d74cce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff255c073e02e81cdd85ccd726ad41ff
SHA1 bf1f6b5938e35e4937944635d3d406cf250508c1
SHA256 32cc543074a7d92f5c5983e9b74365e7bb210f3b340a8a6cd61ac83630f8eccf
SHA512 994c9fbeaa3a806f4b2134da85e6fa954346f0bb7be34497dc7a73fc6eccb2fe3393ce51caa27e9cf6743f1d015e9d46bf1613a2c5666ea9b3209fb39f49ce53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43cfe83990881b6a8607fc4cda62d090
SHA1 357fcc6c0d9c57259d4d92b54993421709d37182
SHA256 d6e0920d591824a72746b148282be988c81b3047a1b3b3a7d6445dfbf32d3adc
SHA512 14ff4f9df373f6ec99025567c2c640b7766ce20f7f4b187547e21c9db141f6a476e5accb0899b9987aa2d10ee3464289dde5e896b58ea0d78928e36b810a2351

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:34

Reported

2024-06-13 14:36

Platform

win10v2004-20240508-en

Max time kernel

77s

Max time network

87s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86393959-5ACD-44FF-8061-FB53E96AABCC}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{86393959-5ACD-44FF-8061-FB53E96AABCC}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0600025E-2992-11EF-9519-D64620966489} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86393959-5ACD-44FF-8061-FB53E96AABCC} C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86393959-5ACD-44FF-8061-FB53E96AABCC}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86393959-5ACD-44FF-8061-FB53E96AABCC}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424451139" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=b97525e9-b68e-4b74-b21e-244f664d7b11&uc=20180111&ap=appfocus84&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a60bbcac23e34b7ef917eb49cf63e10b_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4564 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp

Files

N/A