Malware Analysis Report

2025-01-17 22:48

Sample ID 240603-qw9v2agc3w
Target 91facd78c918881116e02e19e1bd9e35_JaffaCakes118
SHA256 7f2617234bed4f82b31530727eeb29d2167dcab173bdef02a9532603aaa4a319
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

7f2617234bed4f82b31530727eeb29d2167dcab173bdef02a9532603aaa4a319

Threat Level: No (potentially) malicious behavior was detected

The file 91facd78c918881116e02e19e1bd9e35_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:37

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:37

Reported

2024-06-03 13:40

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91facd78c918881116e02e19e1bd9e35_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91facd78c918881116e02e19e1bd9e35_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4136,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4408,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5288,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5272,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5648,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6180,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 razgovorchik.ru udp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 bs.yandex.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 90.156.132.125:443 masterhost.ru tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:80 counter.yadro.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 52.202.212.88.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 198.201.212.88.in-addr.arpa udp
RU 93.158.134.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
RU 77.88.21.90:445 bs.yandex.ru tcp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 87.250.250.90:445 bs.yandex.ru tcp
RU 213.180.193.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 bs.yandex.ru udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 87.250.251.119:445 mc.yandex.ru tcp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 87.250.250.119:445 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
N/A 224.0.0.251:5353 - udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 243.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:37

Reported

2024-06-03 13:40

Platform

win7-20231129-en

Max time kernel

138s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91facd78c918881116e02e19e1bd9e35_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e31f68a85ba3994ab83d84d57eee4dbc00000000020000000000106600000001000020000000cd5323a6f68b7ffd9e436784c213f0bf4766b62ce519b74105e9331856477b7b000000000e8000000002000020000000e037f2b65f73f4e54ce127c240b74e32f78b74776385ed18fb87eef41b9479d520000000729373b20711199e3469e3160c87f1f3cd0fd5a56e433aa94cd3a00d60183acd4000000037fe50ddc2fc8a552655d937d598b4ebdfa338bedfcb522f5fa402450fc3d5316b732479841fb8bbc018e720435ff2515b7fe2ad73bfcb75ee3d608acc462135 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A625EE1-21AE-11EF-87B3-6E1D43634CD3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50793068bbb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583741" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91facd78c918881116e02e19e1bd9e35_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 88.212.201.198:80 counter.yadro.ru tcp
RU 88.212.201.198:80 counter.yadro.ru tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1C0E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0060500ca785eca86d5f9dd50c61cfcc
SHA1 50290185b6924816ec10c05cd9abe943241c0a31
SHA256 53d7dd6d526e50c16f35ff16d3ce77ad51a5729d3975eaaff9367b38637294fe
SHA512 f8c6c576f12efe827980d087e58880e8b8b392863d43b06fc344dc4948d58a39e3c1d60e5e31b5a13dbf1d669a5f97a8798a07419fbbc9a5665262440377aaf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2b6983647c90c4dd25dec0ce603d98a
SHA1 1842b49bdeeeee8f79c20525d32e97f11baa412a
SHA256 3b1b4888863c5a7c1c5c7e52e26231edc5865713ffcc5e4775298b4d8b8f9181
SHA512 7e59857dde1936a2e0352d5a841d32c4df082c423b76a3cce4aa90f0cba590f56321ce770723a7a50b0bb59674d114914438cd55bd135661e10bfb7ce854c862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 28a82a7554a75ff083aa4720a526381c
SHA1 2288025fa76b2ac6bd0e23729332bd9e4d9ceb88
SHA256 7cafbc6de43e03d841e564410b5d3493e8e902ac6e35bd238c5bcbac04de83c8
SHA512 e0e624da844ddd068558a59abaee071ea33c0f14f4d88a2baa4adfaf24a7e0408db8130ef042e55c702317ba41921aa91eb26c6de0c1519ecfa4f1811784fcb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08a9cf047bb7214f31663c93e5f0e22c
SHA1 cd8f45c2399eee91e27fbacb670eb7e12f38cbd2
SHA256 841f99ef1c6016118ce216971fe0d0889cbb58d5dd4901468314b1adcc5927ec
SHA512 c3264907aa5685aca2781461f8c0d16ca772f21110ed3d89591d1e705f5c4d7b043c135e8927c6cb58c20958cd036ddb445d2d64b637e028700ddfc9d9394050

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ba5b4c7bf77a75b64295f3173f53c50
SHA1 480345a2396adae60e1ed0131898ed6699ae727d
SHA256 cd6f507c07934b0b0e1e0c99adcda9349c0ad618cfb4051abe52ae4c7d70d001
SHA512 936e5ca3bc0814f2c07831a0c93938adb10247c0913ff073549669bac5a78fde18b0afe21e80effe91d759dadd02d55b997b02fb569d322f1f107d09ef52e165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc0055ef5de65bff8a8810d27713a44f
SHA1 27eabfb1d8e64c200fd9a5a2181a1d24b2a6988a
SHA256 e4d3bada386b2b8a817d1e6b0b62d76907e362c2115a72e40b667dba7e7d3255
SHA512 fe1d94b0d005f17619ed10e66d3f56b33a1d2afd82870070cea1832df9dd17b91d0bda9c1283c371cc07cd09d0a4c95b6a12a585cf4c2f1e3db4f9108a626fa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec3a2eb02201d8efcf6b4adfc909d6e8
SHA1 21e06ebfccab44613088cc106615405b131f54f0
SHA256 33db006bf93cc3dfca01f16856760a9106ac9f1cae3b062f9c9d56cd49b18c24
SHA512 8b5f23e1d8d3951c0da2ad2fd5c1f760d716e65cfd8aaa02e136a4236a1ebdc7c0309ca6a7859bae58c9876c50d1a79dfbbe802d8642a5f15fd3821b83fd72ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6d69b3116cb7f86b70e9d65c307ed8e
SHA1 40c4a323fd715e8e97770bb8eb1f74473f346e4e
SHA256 1efb284eefedf602e0c0119224f7135fefa20f308cf95df201edd107f604b025
SHA512 7a3e80653eba569d655c5e634503dd6fd78b5e42594013c61b973af6436798666f1c40b7603e9f6bb5b72180a391f60f1e929caafaedce80b18ed7f2f57f5e9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a47db303716e6b8decdcc0d4e095a743
SHA1 02a42ab879b8facb42d47a1778c92fba46f0948c
SHA256 26f477d819b63e8571427ba35a5400fc8152a4bdfcab1595f3d0805075f9a00c
SHA512 b21a4c12ebcfb8206ce1bc6ed02ec6f6a7c21b082aecbfaba3688fba629a2cb258f2f734c0b4a6629fb2f148acc42160879157a0e1605b6143db0b82d1904afd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfa893e9f3dcf6d3efffb55891006053
SHA1 b2635a7cf630505be94b89a81e0fbccd1c2156c8
SHA256 3f49fdd4299e84731f8200428b3d1f385f4640ff25d8cf2f18344b253a93a460
SHA512 3356aaf35906a75a6283a2a0ca6c49c39f36a41a9e8fa2ce6c9b94256a653440f55079c2fba49d1c0857778dac07b801a32950c51563cf354e59acf70483c25f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ae9a80c9f339d3257dc9612a4fae3a3
SHA1 e07d9bc0dae57aa9edce613671248e8345ad527b
SHA256 a409984969ef2af926fd83049b9862cf16660f8e292e8d90c901f3f3b11ee419
SHA512 961bdd0061b02cd6a7df9d96167aec7abacc4cfece74c06c1ed8914ef6e42664f009c4d404393cd6e797608d843b0e29b02ca9746eab5ff196277bad0384b6b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a75084b7b787015b091a392984a2009c
SHA1 7d30a2597e5af6253bb7a969bc54866177014829
SHA256 e30bd43dd60e1bf54a59699076e288dc3be33e32a295900ef8bdbcc5ee2966c1
SHA512 d927d35dafa2da74dcca85f5c6fbbc9a10ae179aa5446de957a2021a4ec3390184d78cbba539d39d75d691505fbf60db58ae16ee2f95c061da8b969f4498c62a

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79ee578dbb78d7ca6e277cf253defacc
SHA1 1daf373901deac2a904c90967437c15e1b7ee435
SHA256 164ccce0bf5856909bb6afce1220d33b40b42d6e4093b62c42d1b15d4e8bce78
SHA512 7efc940e76a47c26ab6d516455f3f0abaea414a68a16a63d0641810103afbfb7e072ae825aa80461b378ee6bd8b37642401de1fb837deb0293ee63defa9c178b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4880a471c380723635d8299e9550c0ef
SHA1 10df9f2592fd81c48a4c34515b8e3907aa5d097d
SHA256 6f6c790e7a938e7d5a43ea4ec20af73b495fbf2773b4a57bf54e4f8ac00d4f4a
SHA512 222e4929c0b0e7fdab93a4e344623596a5fce1d928381a29c28cd5a75c8e4d1d510a6268ffd4fc544e83fa6a2e310a08ae1cd9960b63f2fdb307d30a20610907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8da36a94356aa7ca77f2608f9f80515e
SHA1 d9a37a023e927b283baa33b3f58eda13ac1f8da8
SHA256 307fce641ed22f642b4e2790b4dae01cf8dbd230de36967ceb99a0a3b289789b
SHA512 4d176f66a1ce74825ea596196d0d95e4f34226c69fd156d968917f45c3ea1696ca04b5fa8d6cb0369c3be82209570a53a8482ea7a4b72e5bb84362aef5eaf46a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7392040037fdad848a640918992eee8d
SHA1 99799872998ae1474af032196804fafea9f4f72c
SHA256 ccdb33491a9c07809709afbf14b467e521a9780a04e39d844014ad28c5a6eb3f
SHA512 7d438459b15547a0fa31a7d73c83ea56b014d8558763fb0ef7e2144ff5aec74a1c1615d80eb22d8951a043b43c394945c6aeff73e875d45000dc830e0d48d9e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4873f88af8889ce9d1dd0fd2b01452d5
SHA1 1717eb13a4cefe864fb92dfe9bfa51497336d1ca
SHA256 96d768c8c74553103bdb85da6d1d48598f175989c10a8d244f4b5396b750445b
SHA512 06af475b10d85b558181bf8b999b39a655681037a71090c356b434e3be06ce1e71a1f9f038c4abea3caed227c353218bd304c5fa51739cc31597003ef0c1005a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e614b6746aa9b5a08678ea38120308
SHA1 ec4becfbd83c110ebced4d09d830e9c45bd59ed5
SHA256 59fe96ab6549ec5b170ba9b591c0b59319e84b6e3143235e4dd6d765c1aef4b9
SHA512 6567fdf2e2b2b3bf6cde3301dc9531dca4d7a94abf16cf119a6ded76515e99e6f14d129c0dffac2fba04ec710ef89ebf03341793c11fc6d43da0f9694eddca34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 622aad4768293001f3be4c7c78d5f49a
SHA1 27e9978536222ba72fd1f1dcd9bb2d16572aa89f
SHA256 e98f66637dc10740cb2c454593c6dc4b0c2c236f7599e95052852ab6791e9590
SHA512 cfa27b55f662ddd4630e2d92c1fb83bc53fef5c29177c8ee975baf94861cd95a573b44cee70a341ca9b38982409cb2f9b700938f4edf7216113e67fcbd4468c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9ea92bcd829728d0dfe8457b9618428
SHA1 1621d7d0e547038ea69a1adb18efe58cb59ad5b2
SHA256 d16788160ca0ca7e1ae678f40fc12c8203e2492c6f10eb40505d85f2c79e0b31
SHA512 1ddd73d4cc75f03ddb9dc5d1d293a9ea075070f30f3457b76858927c0c0f7ecd959ff2eb41a7ec2f1ed2a13ca5a127f45eb00522b89373ddaf29534bc17e39b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 940bcdc45162a8aa9121e03e3f0b3d51
SHA1 136f9868e544de6c82e8f12ee0fca05753294b0b
SHA256 0ac6ac5efb2b21465a0f7b6c0e32ef664062a3e57598335e9568b6502f150ddd
SHA512 0139831a954fa577d6e711912c09aa2b767b32204d257746bf7283ca1c33ab985e16673f8f6397b3d9255d1e6c61f8445690913e9b2fb03c6056472b5553ebb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c376e80fe524cd60fd53d961b017234
SHA1 b9b77f911994a4b64474e52532f689f8a8da5ede
SHA256 78d2c9b94eb79db3e25517117f1191c7def814fc6dea8d63625600b40bb6df81
SHA512 e4c0d502398450a03ddfbe575bc0fd1e9107a45c7099390a1ab7c2e59dd688374857acb3c7905cde1c86dabe2f329cbb84c003c1e038cf790ca821f1165311ba