Malware Analysis Report

2025-08-05 14:54

Sample ID 250704-w4hz6sdr6s
Target JaffaCakes118_1c7a8fad9c24033e4e664388918398ea
SHA256 1e21bb6f75dd86ad74e96805af2a32462d401d0c3f28222b43bb9a2e629065fa
Tags
adware defense_evasion discovery installer spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1e21bb6f75dd86ad74e96805af2a32462d401d0c3f28222b43bb9a2e629065fa

Threat Level: Shows suspicious behavior

Verdict: the file JaffaCakes118_1c7a8fad9c24033e4e664388918398ea shows suspicious behavior (adware/browser-extension installer; see the behavioral1 signatures below).

Malicious Activity Summary

adware defense_evasion discovery installer spyware stealer

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Installs/modifies Browser Helper Object

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

NSIS installer

Modifies registry class

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Enterprise Matrix V16

The only technique the report names in full is System Location Discovery: System Language Discovery (T1614.001, the NLS\Language key reads listed under behavioral1); the remaining signatures are tagged by tactic only (discovery, defense_evasion).

Analysis: static1

Detonation Overview

Reported

2025-07-04 18:28

Signatures

Unsigned PE

No indicator details recorded for this signature (static match on the submitted PE only).

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 18:28

Reported

2025-07-04 18:30

Platform

win10v2004-20250619-en

Max time kernel

103s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7a8fad9c24033e4e664388918398ea.exe"

Signatures

Executes dropped EXE

Process C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe (no further indicator details recorded)

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAA50F81-1D14-6721-B890-A8A5E3E437B9} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\ = "Download and Sa" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAA50F81-1D14-6721-B890-A8A5E3E437B9} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A

The BHO entry binds CLSID {FAA50F81-1D14-6721-B890-A8A5E3E437B9} to the COM server registered under Modifies registry class below: InprocServer32 = C:\ProgramData\Download and Sa\5068ad663b63c.ocx, ProgID 5068ad663b63c.ocx.7.1, interfaces IIEPluginBHO and IIEPluginStorage from the IEPluginLib type library. NoExplorer = 1 restricts the object to Internet Explorer instead of also loading into Windows Explorer. Rows are not in chronological order; the Key deleted entries beside Key created for the same CLSID are consistent with an unregister/re-register cycle during the run (or cleanup of a previous install by the bundled uninstall.exe), not with the BHO being removed at the end.

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7a8fad9c24033e4e664388918398ea.exe N/A

NSIS installer

installer
Four matches; no indicator details recorded for this signature.

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx.7.1\CLSID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx.7.1\ = "Download and Sa" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx\CurVer C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\VersionIndependentProgID\ = "5068ad663b63c.ocx" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\Programmable C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "IIEPluginStorage" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx\CLSID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx.7.1 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx\CurVer\ = "5068ad663b63c.ocx.7.1" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\ProgID\ = "5068ad663b63c.ocx.7.1" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\ProgID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\ = "Download and Sa Class" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginBHO" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx.7.1\CLSID\ = "{FAA50F81-1D14-6721-B890-A8A5E3E437B9}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx\CLSID\ = "{FAA50F81-1D14-6721-B890-A8A5E3E437B9}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Download and Sa" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginBHO" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx\ = "Download and Sa" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\5068ad663b63c.ocx.5068ad663b63c.ocx C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Download and Sa\\5068ad663b63c.ocx" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9} C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\InprocServer32\ = "C:\\ProgramData\\Download and Sa\\5068ad663b63c.ocx" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\ProgID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9}\Programmable C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "IIEPluginStorage" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{FAA50F81-1D14-6721-B890-A8A5E3E437B9} = "1" C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe N/A

Policies\Ext\CLSID is Internet Explorer's Add-on List policy. A per-CLSID value of "1" marks the add-on as enabled by policy, so the user cannot turn it off from Manage Add-ons ("0" would disable it, "2" would leave it user-managed). Written for the same CLSID as the BHO registration above, this keeps the component loaded without user consent; a 32-bit process writing to Policies (not WOW6432Node) is the expected shape for this key.
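The three registry signatures above (Installs/modifies Browser Helper Object, Modifies registry class, System policy modification) only make sense together: the BHO key names a CLSID, the Classes\CLSID registration says which DLL that CLSID loads, and the Policies\Ext entry locks it on. The following Python is an added example, not sandbox output and not code from the sample, that replays events of that shape and correlates them into one finding per BHO CLSID. The event tuples are re-typed from the indicator rows above; the BENIGN_CLSID registration under Program Files is constructed as a negative control, and the list of expected DLL directories and the Add-on List value semantics are the example's own assumptions.

```python
"""Correlate sandbox registry events into Browser Helper Object (BHO) findings.

Added example for this report, not sandbox output and not sample code.
Events are (operation, key, value name, data) tuples re-typed from the
indicator rows; the BENIGN_CLSID registration is constructed as a negative
control and does not appear in the report.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HKLM_SOFTWARE = r"\REGISTRY\MACHINE\SOFTWARE"
BHO_KEY = r"Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
# IE "Add-on List" policy: per-CLSID "0" = disabled, "1" = enabled and locked
# (user cannot turn it off in Manage Add-ons), "2" = user-managed.
ADDON_POLICY_KEY = r"Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID"
# Directories a conventionally installed add-on would load its DLL from (assumption).
EXPECTED_DLL_DIRS = (r"c:\program files", r"c:\windows\system32", r"c:\windows\syswow64")

Event = Tuple[str, str, Optional[str], Optional[str]]  # op, key, value name, data


def norm(key: str) -> str:
    """Lower-case and drop WOW6432Node so 32- and 64-bit views compare equal."""
    return key.lower().replace(r"\wow6432node", "")


@dataclass
class BhoFinding:
    clsid: str
    display_name: Optional[str] = None
    dll_path: Optional[str] = None          # InprocServer32 default value
    threading_model: Optional[str] = None
    no_explorer: bool = False               # NoExplorer=1: IE only, not Windows Explorer
    addon_policy: Optional[str] = None      # value under Policies\Ext\CLSID, if any
    reasons: List[str] = field(default_factory=list)


def analyze(events: Iterable[Event]) -> List[BhoFinding]:
    """Replay events in the order given (last write wins; sort by timestamp first
    if the sandbox export is not chronological) and resolve each CLSID listed
    under the BHO key to its COM registration and Add-on List policy entry."""
    values = {}                      # (normalised key, lower-cased value name) -> data
    bho_clsids: List[str] = []
    bho_root = norm(HKLM_SOFTWARE + "\\" + BHO_KEY)
    for op, key, name, data in events:
        k = norm(key)
        if op.startswith("Set value") and name is not None:
            values[(k, name.lower())] = data
        if op.startswith(("Key created", "Set value")) and k.startswith(bho_root + "\\"):
            m = GUID_RE.search(k[len(bho_root):])
            if m and m.group(0).upper() not in bho_clsids:
                bho_clsids.append(m.group(0).upper())

    findings = []
    for clsid in bho_clsids:
        f = BhoFinding(clsid=clsid)
        bho_key = bho_root + "\\" + clsid.lower()
        f.display_name = values.get((bho_key, ""))
        f.no_explorer = values.get((bho_key, "noexplorer")) == "1"
        inproc = norm(rf"{HKLM_SOFTWARE}\Classes\CLSID\{clsid}\InprocServer32")
        f.dll_path = values.get((inproc, ""))
        f.threading_model = values.get((inproc, "threadingmodel"))
        f.addon_policy = values.get((norm(HKLM_SOFTWARE + "\\" + ADDON_POLICY_KEY), clsid.lower()))
        if f.dll_path is None:
            f.reasons.append("BHO listed but no InprocServer32 path recorded")
        elif not f.dll_path.lower().startswith(EXPECTED_DLL_DIRS):
            f.reasons.append(f"in-proc server outside Program Files/System32: {f.dll_path}")
        if f.addon_policy == "1":
            f.reasons.append("Add-on List policy forces the BHO enabled; user cannot disable it")
        findings.append(f)
    return findings


def suspicious_bhos(events: Iterable[Event]) -> List[BhoFinding]:
    """BHO registrations that tripped at least one heuristic."""
    return [f for f in analyze(events) if f.reasons]


SAMPLE_CLSID = "{FAA50F81-1D14-6721-B890-A8A5E3E437B9}"
BENIGN_CLSID = "{11111111-2222-3333-4444-555555555555}"   # constructed, not in the report
_BHO = rf"{HKLM_SOFTWARE}\WOW6432Node\{BHO_KEY}\{SAMPLE_CLSID}"
_CLS = rf"{HKLM_SOFTWARE}\Classes\WOW6432Node\CLSID\{SAMPLE_CLSID}"
_POL = rf"{HKLM_SOFTWARE}\{ADDON_POLICY_KEY}"
SAMPLE_EVENTS: List[Event] = [
    ("Key created", _BHO, None, None),
    ("Set value (str)", _BHO, "", "Download and Sa"),
    ("Set value (int)", _BHO, "NoExplorer", "1"),
    ("Set value (str)", _CLS, "", "Download and Sa Class"),
    ("Key created", _CLS + r"\InprocServer32", None, None),
    ("Set value (str)", _CLS + r"\InprocServer32", "", r"C:\ProgramData\Download and Sa\5068ad663b63c.ocx"),
    ("Set value (str)", _CLS + r"\InprocServer32", "ThreadingModel", "Apartment"),
    ("Key created", _POL, None, None),
    ("Set value (str)", _POL, SAMPLE_CLSID, "1"),
    # Negative control: an ordinary COM server that is never listed as a BHO.
    ("Set value (str)", rf"{HKLM_SOFTWARE}\Classes\CLSID\{BENIGN_CLSID}\InprocServer32",
     "", r"C:\Program Files\Example\example.dll"),
]

if __name__ == "__main__":
    for f in suspicious_bhos(SAMPLE_EVENTS):
        print(f"{f.clsid} {f.display_name!r} -> {f.dll_path} (NoExplorer={f.no_explorer})")
        for reason in f.reasons:
            print("  -", reason)
```

Keying the lookups on the WOW6432Node-stripped path is what lets a 32-bit installer's writes line up with the 64-bit Policies key; without that normalisation the policy entry and the CLSID registration appear to belong to different objects. On a live host the same correlation can be done against the registry directly, but the event-replay form is what a triage analyst has when all that is available is a sandbox export like this one.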

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7a8fad9c24033e4e664388918398ea.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7a8fad9c24033e4e664388918398ea.exe"

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe

.\5068ad663b605.exe /s

The parent launches the dropped second stage from its 7zS7B3B.tmp extraction directory with a /s switch. A 7zS<hex>.tmp folder under %TEMP% is the naming pattern of a 7-Zip SFX stub, while the nsq7C45.tmp\UserInfo.dll entry under Files is the per-run plugin directory an NSIS installer creates, so the bundle involves both packaging formats. Note that NSIS's documented silent switch is the uppercase /S and is case-sensitive, so whether the lowercase /s actually suppressed any UI depends on which stage parses it.

Network

All recorded connections go to Bing (g.bing.com, www.bing.com, tse1.mm.bing.net) and Google's PKI endpoint (c.pki.goog), which is consistent with Windows 10 and browser background traffic rather than infrastructure belonging to the sample; nothing else was captured in the 134 s network window, so no network IOCs should be derived from this run.

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

Besides the Internet Explorer BHO (5068ad663b63c.ocx), the extraction directory stages a Firefox bootstrapped extension (install.rdf, chrome.manifest, bootstrap.js, content\bg.js, content\zy.xul) and a packaged Chrome extension (dmfncdppjpblnhlnkindaelnakdngoom.crx), i.e. the same component targeted at three browsers. The Firefox extension directory is shown as [email protected] because its address-like extension ID was masked in this export; the real ID is not recoverable from the page.

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b605.exe

MD5 4ccf1a317aa8539c857835e4ebe9c806
SHA1 223b73d09d7398f40aff3ccc569e66cae3886ee9
SHA256 4529889c5575cd4e28b3691f0489c806442840292a9e459ada4dab3e024cc242
SHA512 ecab68799b5a51c7d2a3735a9b3c17ba20a315618aa9575a5b02d5d4535716966031a26982012669f069dbfd8a6ab62f95737b7c402bf680f3a498900f627312

C:\Users\Admin\AppData\Local\Temp\nsq7C45.tmp\UserInfo.dll

MD5 7579ade7ae1747a31960a228ce02e666
SHA1 8ec8571a296737e819dcf86353a43fcf8ec63351
SHA256 564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
SHA512 a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\settings.ini

MD5 64f1e88f4fa7b4a4805efdaf641fcaea
SHA1 2b274fe41ad1f89544cecb75b2333a9e859b8581
SHA256 71efa06bf6f7b42b955060e3646010f9ee6f4f58c19fa1f22b5cf860785ab72b
SHA512 e48e6bc092ec605e00e925e4de8f67a069d02f7f0fd19341d5206281e72ed8a7887d51daa7c0b99b12afcd9d6976a96335ff1e8620be5a5311a168486c53f408

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\[email protected]\bootstrap.js

MD5 ad6e11d51975d5bc19ee6770c90ad194
SHA1 d97e47d79f519394e0e1810a66745ee359506f27
SHA256 f94538b2e5e7e30b831f93392d0987a22406a423117d72a06aa4668b6ddfefe8
SHA512 123fb841920d5641b68c5a77fde04226cd797a2899f04aecedd1c54b4fbb0d024c6492858439ca5504e83295cc090af9ba0928dd934d23ba874de96ca4f7726e

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\[email protected]\chrome.manifest

MD5 2effd6bb3e0a32e4b890193bce56fd51
SHA1 76413142e2db5184ceca088094df1a11ef17342e
SHA256 8f5d4ead5e6d5087c91ac3efa6527cd51418a35da5412e4f3e12baa6f17f907c
SHA512 71ddc74350bb8175dbb3e179bbfe70b3dabf1426e6aff31c215f63d8e3fcb59c99b0f53b99662c6fae55871e02c53b627447cfd6753df87d7db2b3a19abe387f

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\[email protected]\install.rdf

MD5 a35cf65e67c9c8f50dd6471846aede19
SHA1 54bca69c4451e0a9c20d6865428ca83c70d0857d
SHA256 935c175ad1165ff15f4e12f8228a00d50f119147d1beb015e1956e5b61eccf50
SHA512 a856ff845139cb38a49fb8e4e66033feeb08b5959f72b4d14335c143422c8e7ff582ea2d29ca9307c2186653a1c117b09f24a60b1987d8b0b2d180dfa7dbaae6

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\[email protected]\content\bg.js

MD5 85f7e9ae4eac40bf2d0981520ab9b9db
SHA1 d993a1b9a4624cab2f4f6389b1dcf1b406c39d19
SHA256 e9fa5e41bae4e22cb2d80f1229f6f404371ada9c26db4d6cb4f8cfe30f01a731
SHA512 a32dca243718da1c2502702826e81fd92dbe922542caf026bf16f9577e96980d04dd33ca8ebe28563b181d6de87d808bf87e0f970751a6d3bd268df9a5bd5ca5

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\[email protected]\content\zy.xul

MD5 076100a7bd0bc5ce27f237f515ff6833
SHA1 ac7a26b4189be1bf52665315481a1bc2674a1011
SHA256 b66120d6a4f17fdc04b0276e0d79bd587a796570c9f00eb4ea1246221608d195
SHA512 bbb6c44fb858e488117bdc4728f3f6ce5f5563682f431a4f93bc749f36ed47fd82c8dc024821277063c97f302450166c26e099ece6e0d89c9b9bc4269a5c670b

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\dmfncdppjpblnhlnkindaelnakdngoom.crx

MD5 c5bd958c4690119c1d290c68987771b4
SHA1 a7cf8b450810db4c3965f8fb2bb20ab588b464d0
SHA256 0702b9dc29ae15959a84d17593d372fc8e0c3dc69a9101fe0275db4a2cbe3d2b
SHA512 c2b569dd5d878737ab8b73d9e703aa5ac105e6cef517c625e54d9a950257401795b43d175c7c53296bcc48b9a88e6761d74789ebbc5fb971f8e6a824b2b62ece

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b672.html

MD5 e162f326915d33d692c1bc12a98390a7
SHA1 32de3766d85f2c7c33630a18ba78e4d284138bdb
SHA256 ba14b7d3b8cb446fa6d2bcb1452b864a4b8423472d131af6d61eda0b79919b4e
SHA512 f6cc76124be560069691fb8358e5af5ed125cb8dd01447a367bc6dc1f8d782e6a9a268a7378992c9540e8d077b5bfa86755b628f84708a213661da52d018b96b

C:\Users\Admin\AppData\Local\Temp\7zS7B3B.tmp\5068ad663b6a9.js

MD5 99fa5d714d971a49b67de27e0d8871be
SHA1 d0621e846ea60fa8d0b2c8e622e495af49cd7359
SHA256 f560d76474380da948a0c5ab8682dc026822d9685268c592f315224b1b968bf6
SHA512 2fec19e4f2a974227922a7e057890141523ae73fbfa127f9e8cd00dff71b29abb93cb865c6d74ecf3df8bca440c558d4fbf2f80e82cc9636320ab5edb95ebad5

C:\ProgramData\Download and Sa\5068ad663b63c.ocx

MD5 c78c6140cb88ef4dc94f999291bb5ab1
SHA1 65b47ed5ec889e0e558c79a13a81193fc59b8ce9
SHA256 6cfc7fb43715fb13c53ab2a29b68f3a0a0f285c85d1b1443f2c5e73526646851
SHA512 ac8865cb1bec889ba493cad3f4c4bac87bfb2fdb15c518626ffa5f8ac6799a6f5c84f358d3e7d35824d6aba29af46c1078acdf30c3bd93981be61312baf6bd26

C:\ProgramData\Download and Sa\uninstall.exe

MD5 a724dac649142fef71fe4b529684e969
SHA1 e2878e84886ec53a1332ad969a825062526b5cd4
SHA256 b58c58b5073034d74c5d93902bbb9d402be063e907bdf77115b55bbb99af21dc
SHA512 9f475ad52fa2b7f82e74df87c02e42f937b5e3b62773b7d51cb53facfcc8b4934ad3c2fc21496cfabaa4dd103a309ed5cccad1ad3d6037f6c4f3a540e3e9d5b3