Malware Analysis Report

2025-01-18 01:24

Sample ID: 240613-hdwlpasajq
Target: a43d4b107890a515451bcaa214061a9d_JaffaCakes118
SHA256: 0bbfe7df469e5f0da62f16713420b44c2f08211352159d9fac36726e8557fd2f
Tags:
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10
SHA256: 0bbfe7df469e5f0da62f16713420b44c2f08211352159d9fac36726e8557fd2f

Threat Level: No (potentially) malicious behavior was detected

The file a43d4b107890a515451bcaa214061a9d_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 06:37

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 06:37
Reported: 2024-06-13 06:40
Platform: win10v2004-20240611-en
Max time kernel: 145s
Max time network: 140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43d4b107890a515451bcaa214061a9d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2344 wrote to memory of 436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 2344 wrote to memory of 3216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 2344 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 2344 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43d4b107890a515451bcaa214061a9d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7be46f8,0x7fffb7be4708,0x7fffb7be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2728 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10882520754342975581,16212357362260298187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 hitcounter.ru udp
US 8.8.8.8:53 userapi.com udp
US 8.8.8.8:53 top.maxnet.ua udp
RU 46.148.230.18:80 hitcounter.ru tcp (6 identical entries)
RU 87.240.129.187:80 userapi.com tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 an.yandex.ru udp
RU 213.180.193.90:80 an.yandex.ru tcp
US 8.8.8.8:53 18.230.148.46.in-addr.arpa udp
US 8.8.8.8:53 187.129.240.87.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 67.132.240.87.in-addr.arpa udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
RU 178.154.131.215:443 yastatic.net tcp (7 identical entries)
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.247.182:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 ads.adfox.ru udp
RU 77.88.21.179:443 ads.adfox.ru tcp
US 8.8.8.8:53 90.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 182.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 179.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_2344_ESWPNLEDPSNONLAX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d49f0cc70dded6e44f57e39a22e2ed51
SHA1 a87a7e028cb18ac34f1cb3d5cf74c46d1b31ce74
SHA256 e32b0caa6905e93a4752c0ac7e4046bdba3ad4f05de7a96ff179d3f7db392bf6
SHA512 dd01e8d84f0283197e7f7497818c2ad8f20314ff75b1c04e1ecf8a72b0b5db2a39061324988743f9a6fd46d1599dfee1c584a8e77ea91b620a680f5f6c1f3686

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69ca163a61199437dcd5e0c5f9b77c0a
SHA1 5a95fb7ff26fb2333f32e95545a168602f8e6212
SHA256 ca9251bf522cf80fc77aaedcea81d83377be8f4fc50d5f5c532c076950aedb7d
SHA512 a81d1f40b49c6335222e6a07a3b1afb9d8142e3c97b15253bfca86d08d430252065806179f2dc8eca25d038eae11f055cf7eba695da0f7744ba9568536d86ffd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 becae874b1f956779243602164ad6611
SHA1 a4f5c04eab5c6f9162c76dc40d3db22183773083
SHA256 d5115f86b3a73985e97c83e81758f7dcbece074a91c467620d4f309e9a531a3e
SHA512 372c187ea6f92c389ba8f4414d094bee0d303629ccd30f772f251d6fc6019aa482082c30772cede76d68306a06f153d6aefccdecf83a6d2c9efef502175a4398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8cb3cbda4dd16254f0dc8e8d02d62004
SHA1 0624bf2e75d6b4111d85e21b4655600a7307aa66
SHA256 8f45496b1bcd854746e67b2e882cb7b610cfb06b0c6bb6775c3cfaf5cf62d05e
SHA512 20c1d4c9a18d30fc8943240007f2d776a2db59e064fc1e4af27cdd93934b45294349f234a8282b95946a0a231c22de99f4a0bf66884f1548413876585f08a00d

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 06:37
Reported: 2024-06-13 06:40
Platform: win7-20240611-en
Max time kernel: 121s
Max time network: 127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43d4b107890a515451bcaa214061a9d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000b85f3c666a659040270d4b117d583fc84b1bad0bf35c184755bce7ad812063b1000000000e80000000020000200000005d7e8d5553c167fc47f8962861a43b981d4f800201f322446df6aceb80877aa92000000016a72d1a650b7ffd34d4c96410aea4f8a18dfe32fa9de3051e46978be0b83c034000000051cf0e4c5164405f0ca1fa9789027b7f9ddc224c7aaa93dd8a1548215c934568e8426a785b573d58e3d120143eb9b9953b7ef12ab47833407c4b17771372e0cc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f74c4a5cbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72997EC1-294F-11EF-964E-D2952450F783} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422535" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43d4b107890a515451bcaa214061a9d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 top.maxnet.ua udp
US 8.8.8.8:53 hitcounter.ru udp
US 8.8.8.8:53 userapi.com udp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 87.240.129.187:80 userapi.com tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 87.240.129.187:80 userapi.com tcp
RU 46.148.230.18:80 hitcounter.ru tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
US 8.8.8.8:53 an.yandex.ru udp
RU 93.158.134.90:80 an.yandex.ru tcp
RU 93.158.134.90:80 an.yandex.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
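The Network table mixes sandbox DNS lookups with the connections the rendered HTML actually made, so the first triage question (what did the sample's page pull, from where, over what) takes a little sorting. The following script is an added example, not part of the report or of the sandbox's tooling: it parses the rows above (copied verbatim into NETWORK_ROWS), separates resolver traffic from connections, aggregates per domain, and lists what is attributable to the sample. BROWSER_NOISE (the IE endpoint ieonline.microsoft.com) and SANDBOX_RESOLVER (8.8.8.8) are assumptions about this sandbox environment, not facts the report states; adjust them for your own.

```python
"""Triage the Network table of a sandbox report.

Added example; not part of the original report or the sandbox's tooling.
NETWORK_ROWS is the Network table above, copied row for row.
BROWSER_NOISE and SANDBOX_RESOLVER are assumptions about this sandbox
(IE reaches ieonline.microsoft.com on its own; 8.8.8.8 is the sandbox's
resolver), not facts stated by the report.
"""
from collections import defaultdict

NETWORK_ROWS = """\
US 8.8.8.8:53 top.maxnet.ua udp
US 8.8.8.8:53 hitcounter.ru udp
US 8.8.8.8:53 userapi.com udp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 87.240.129.187:80 userapi.com tcp
RU 46.148.230.18:80 hitcounter.ru tcp
RU 87.240.129.187:80 userapi.com tcp
RU 46.148.230.18:80 hitcounter.ru tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
US 8.8.8.8:53 an.yandex.ru udp
RU 93.158.134.90:80 an.yandex.ru tcp
RU 93.158.134.90:80 an.yandex.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Assumptions (not from the report): endpoints the browser or the sandbox
# reaches regardless of the sample, so they carry no signal about it.
BROWSER_NOISE = {"ieonline.microsoft.com"}
SANDBOX_RESOLVER = "8.8.8.8"


def parse_rows(text):
    """Parse 'Country Destination Domain Proto' rows into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarise(rows):
    """Split DNS lookups from real connections; aggregate connections per domain."""
    resolved = set()
    conns = defaultdict(lambda: {"ips": set(), "ports": set(),
                                 "countries": set(), "count": 0})
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["ip"] == SANDBOX_RESOLVER:
            resolved.add(r["domain"])
            continue
        c = conns[r["domain"]]
        c["ips"].add(r["ip"])
        c["ports"].add(r["port"])
        c["countries"].add(r["country"])
        c["count"] += 1
    return resolved, dict(conns)


def triage(text):
    """Return the facts a triager wants from the table, as plain lists/dicts."""
    resolved, conns = summarise(parse_rows(text))
    return {
        # hosts the sample's page actually pulled content from
        "sample_contacts": sorted(d for d in conns if d not in BROWSER_NOISE),
        # cleartext HTTP fetches: content on these paths is not integrity-protected
        "cleartext_http": sorted(d for d, c in conns.items() if 80 in c["ports"]),
        # resolved but never connected to: a dead or unreachable resource reference
        "resolved_only": sorted(resolved - set(conns)),
        # per-domain connection counts, to tell repeated fetches from one-off loads
        "hits": {d: c["count"] for d, c in sorted(conns.items())},
        # resolved addresses per domain, for pivoting on the IPs
        "ips": {d: sorted(c["ips"]) for d, c in sorted(conns.items())},
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

On this table the script attributes four hosts to the sample (an.yandex.ru, hitcounter.ru, userapi.com, vk.com), three of them fetched over plain HTTP, and flags top.maxnet.ua as resolved but never contacted. The counts are connections seen in this detonation, not HTTP requests, so a domain with six hits may simply be a page with several resources rather than anything periodic; confirm against the timeline before reading it as beaconing.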

Files

C:\Users\Admin\AppData\Local\Temp\Cab121B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar12CB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13bba26e5afc42ae3d01f26189f73dfe
SHA1 53cd3c508259b89d783804b497b12531b2eb280e
SHA256 bf6d2b57782db62d0d7560967a62e2eb4b6e612eee94be7f8aee1a279b51ebed
SHA512 e9d68a87fadd825caa6d00b305974e1b9abd207cef0cba79b1f5c1e6c67306ef33b8b3e9b192a07845981079917b5b3e89093fc96ecf06f6060df93c90f6d5da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 983c474baeb2a408cf32c9825b98db65
SHA1 8ccca791c89cd2240bd776a63e473a87c8ae752e
SHA256 1a5af53c997727b8ee8e9cd129b0a6e9eba5a0ab28178ad11858f2f1b6c3b9e4
SHA512 43b519948ca1f35fe8cf1fceb5a7a9a4b03da83cf48600e6d4d2883eb44993c5d378c59e1031eca4fb5e6494d5633b8de801852c63c37cb842c0b88e7f9f43bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10dc421b7b3b9359f17ae7311c6a588f
SHA1 1bdb9482efa507b757c2d30ad8fb809f18b39248
SHA256 0d0cc25ecdca643e122606cd4f4437a3529557d09e5f3c83edb705212cb32720
SHA512 e019c79ba0057611fc971e1335182802753483922f7c948149ff6a7b98804f9efa8fecf1b36412063d4ae5873bde246f8afc6fb8e073f81a8b8ddce40c5e9341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 645f97768f6abfad8a5415f13585cfd3
SHA1 30ab229e38e791b79bd05286d019c96800b7e1ab
SHA256 fa7d62dec63bca4b1f389cae60d6389e3bf1c22534cd4358d39168b8a3ac0cc6
SHA512 1dfe62400ee566ae25d90b14c6668091352015e09e30281a7bf4b1dc72b51f78aaef53769447e5cdb98613f090554b30a9cea728f9d8d3afd7ec066e5f522a09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d252a59caaf7eb8642c99b288193def
SHA1 7b4a137f0c23ab5738d0ba4e4d7898d9f3ddfa6e
SHA256 a36b020dc0766a036abad6651bde9a677d28efe088be8a65a329166ee713ee88
SHA512 43fa812ba6674e3b4308ca3d6621987787b287d25c2e36d6b2ee59e5e711333efcf44773224bd9d10c60f69bf35d12d8cf13e753130c550269eb048644c629ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf11cd505b46427f2a61c9b48f5dcf5b
SHA1 78b0ca6ea4b4f4ae15d090274fcce48cb3a04fa3
SHA256 e1be813d809eaa91d16ee4751ec6021202abf9d5c5713e4550db667f6eb39f11
SHA512 bb19898ad6239aea0ede76911946a7da9b38529f3439cdefaaed3ce39000c341a48c80f9f4fc8a83a420f9b5c8a778c4885e85be358673cbc95383739ce066e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f75e99865c6cc73f8e118c81e2f0ae28
SHA1 8f6f6b19c526adefee33872ae17eacc361ceeb34
SHA256 263283fbe8d08b810a9fb555b0c5b1d3bb270096916f9eb19b30e91d63ac6873
SHA512 01c3dbfa5a6c33c4f9628b071c1111a6ddc507f43ca1b9ea93518a8ded87dd705c822724fcc9cbadcd58687a1218bcf247735d2f26937612b579f56681889f35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a0d87d3f74d0b79fd8e5545b2b10fbc
SHA1 8ee6866dbb327494282477fad030c311b236d85e
SHA256 3024d4ef55eb5e6319b911c45bdc7a8db1115e5638d826edbf6665515ca4d886
SHA512 50cee5192a34e3f4ddc37de223e2eaa1a311a27ef9eb35fd260b6e12cf6507848d804abfd2f1de352bd7938d37b721ac40bfcaf12d647868a17a2421acb3dd41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b81623b2bf4e44b509bb17239fa71e5
SHA1 d81d60288453de098fdb396de3d632cbd579f082
SHA256 33be7d714287eae91df33347417a28bf64716958e187eefda28d98e182837ec4
SHA512 cba1e8e37e8ae35ced67e2ef16bd12cada9596161e6efebca5054e993fc5774ca1e8fb163ab3d414e9c8c3d1ff841680458c8d99ac46a8d8f729420da9f78bc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b56bf06891098cd99298c8de9029f3f2
SHA1 ee32557f94bdfbf8084695c62b0135d0ed6c70f5
SHA256 7a3dec17a18b0016a5870ef25663dde34ff013bbd67fc058a0fff2e79b213bf8
SHA512 0654315077fefdd5677607a4a8e455c8bb454d33f362912b59344a9e038638923b02a8ed3a975a1c531c88d0febbf9239c0a78a969f4edcb616aa1a4d91b3039

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f201feecb5b1e5302292b96d5d064b3d
SHA1 31bbd1a440a88d8760a0994c1cf79a4cbdadb26c
SHA256 686c4b2ab8bf9580080dbe2b5c8df2dba4e01c2c9011aa8db2a07520591e4645
SHA512 4cc0932af60c8aee46ce96e0811de450c55cbd2806e301577dac61f7955622b897e3ece68b9181c37e657da3448000969e52baf1f567a331e1d35571cac3bc51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c60ab2524323f05d0b30d7a2aa3465e5
SHA1 0e223820635fe88f09190a02ce7ce120974ca5d8
SHA256 5d464877537c1fbab97acc1bb8d21a8a13383ef1f0c5fa4890e2d267da53433d
SHA512 c3e41468b25abad97dc5e7228a7ac9f285c8e9aadfaafd18298d41791808aefc870bea0fef51d1e7a9c49bdc77edab937ade004915d21ac853f75ee897e662a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a0dd4b9815db6df3205383f4849526f
SHA1 19fa06be490ef728c7218e36a7f19ef88686e299
SHA256 18286f5da89415c7a96f3ea1b84ff2a1c9dd0aa33c190c1b7246766b38236245
SHA512 e5d54d07cea98387093b9154bd76b6868aa7886979b335eb713b6d10da0764f3af8cdd1b8b9a2a27456e9c13fb182fb57c4ecc3813acd2458fb5fac0ddeccd59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0264b88a23d67d44b9ab2f22cb91c599
SHA1 3841c7e3dac6729c4c5436f95e74d0dcecd8383a
SHA256 033c531e92514b08163a97f6e5ef2bb6f525be35ec510c52461e1e9bd2e0ea5f
SHA512 f4483d99159f53827ee18a82204f397b053047e4337b84d195e9f7db44c30bf19ee3431197a8ef5762ff8b6ccbefc9c56b556500e36f32477c497775f4e9fa12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c08cb8b81c5056458927f2a3908a46ef
SHA1 af94e701bae32f964b269ef84f62b87690b932c6
SHA256 efca44f8d5769f7a4ea21b2af6913c08e447957f8d46a28152a2f2b02fbeece1
SHA512 cb039f7371dc1f5e7a505f0bdefbefdf26b84370d37c3477b95c96092d8ae9f0dcf6f80796242ab520546ca206f44e02d7d663674bb09a64a3718fd5d2e68b4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c6e2afdae0d2d34c361b2144ab56666
SHA1 f137648be67d5cb4a435431cedbd96fedc4898d9
SHA256 bd81e5d523e98afb2d4034491a60bc78b346810cad06e81d34777aa4b3e2917b
SHA512 60ced42490893badd7766c0d8eb6a509b22b89ac96101240381b6d66ba183cd0f8bde8ea20ffc55cc695d2a6fafa49967deed7a0cad2afa9add8b7964c85cffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b578e2860ea7e091b53767ce216ab697
SHA1 9726538bf39bb51c987e4f8b45690811ecc47934
SHA256 652f7c0e6d0c244817040197090b96f827d687d27db5f979a11aa118f697fb5f
SHA512 75257cc708d5c2134598117174f1624f1e0d0b8656df7b311cc80150507dc9cca5c4d08b278d340eee619719561dd8c9268602ba49f06e1fa24963f805047907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fa3642f8163465e2a3990640ab61eb4
SHA1 b481fe2810539563ef62b9402ea9c4eadeedb26f
SHA256 167e3d6be27c62ac27c497232aa277e657730cc9a2708a3e198a8d8845543d6e
SHA512 9e4535b8660962915a65b29e73b5df4f0e5f7ddd19bca5d940a2738f919b2f705c191b9ca048f2629ec9de1ab0e3409093febe1594f7e434073f35ad675a8f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3a3a8becd5e17d2f999ee87a8666853
SHA1 8de33f89ec9ce08bb71190d52dc3865ca0ea11e4
SHA256 5a8239603ec23d5e4cde2341ca74f3ca1709b2e43e6ebbd9ddace88d46b17714
SHA512 2ea4967e55af63d59a8d9404a06ebb2338313780f2870a477711390ff6d6261fc2e68ce45aac844c7a91fc81993cfa22ac34896c72278379d2f9c97ef8b97d6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fdfbcc8fd6b98f0be0844ce7f3b5d0e
SHA1 0f73ad7df15396b904875f98a1b5945e9fc75344
SHA256 0ba633df606e81e3249f1d2118c5eb2088e5cd559b8232e77c786c56164d8817
SHA512 c7f078d653dea249f25dddca639f5d325594065059279fc5c53a428f20d91caec626ad1aebb0f0a3269f06aa2c554e39bf3e57ad7c0d4ca2e200003684c3a8e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50b678467ec5d25374367d05b9e7745b
SHA1 91be99edf1e844339b23f3ddf494a07800cbedba
SHA256 cfbf125f48e179f31c2b1374bacda4078c779a21c2a7ee1feb363f9dda24c5d7
SHA512 df01c840b164e71f572ae6fe34c8fb9ee2b8511dc7434ad2933551ead4ad791ae8eeaa96b7afcfdf2c09fcc05a654d4301d8ce352698fef0de0d0e88b17e4fd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20061950ffb8a526b1f555178ffcded9
SHA1 a6fd31f4e5289d53c9f59949fb19a44adcb61356
SHA256 434e9cfb7a9ab41fbb28088db0443d65a8e3ae708d52c290d0604c69f8d9e8fd
SHA512 cfcea22e9caea62b5870f1a013d743d95c4ec6999b53752db362fae44925231a5032887c7a92d0d6652f1aa8b120903c7e920b9bd2a3d04d510b728cf4f6a79c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d98588897105c80a39eb11f15cf1eb2f
SHA1 dabdb53314c992d0b011942e4cf10429423057e9
SHA256 c4212f47edd00f9a3c7c648f39ba15d6b44f3a3020df1f747ade45188a2d492b
SHA512 69a5f4faadb9338939a55c84288286001ecdd04eccf14e6f75f8e9934284d245cc915c91c3243b2fef31a2676265d256a3080a80dde0a79936d14aa50d2b6bb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 584c58ee130fb3c444583694b25a036a
SHA1 895fc6f54e99646b6d7226fbfd041fc0e2d7b464
SHA256 2bd3104f0c4e12df134b142a64b646cb7157c7fba24b16dc5d826adc91219464
SHA512 eb596264b94e7a2ed27f63f050d6a9347e07c61c4e403099c6963fffeed3782753fdd159f90810a38d82e09c03442fdea497c749f17b66b02a2f77d111921389

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ca8181fcc3a502c9ae93249d57c2b36
SHA1 32fcebf3611cc131c938299f94425a928a8c59d0
SHA256 bb549b5c661d1b9c52a98ca0c4d40718da1f697d22c8e1ac66553a20a74b8d8b
SHA512 c7c3dc3d7b4c9fd8a6b031659a305084c1ba019dfdd0a16a0d53158a6522c51ba45c438f4eddaf79a738de1d03f84d3ba84bf70292350547b74d8d5b5d3a8e83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c111c5d7137ef205ffae164e0237ece3
SHA1 3e05126256e82ea1f46518f5f91ae1bcda38cbf7
SHA256 215fae6e6c4447131b4bc87e0881965a585cdd074fe981c978b5d33ce499a95e
SHA512 ffcf0353af6e41f130d4a12578b6580aaa7a3aef5391319d8d1b499cb101363fb6ede8de20793519d644c7c16e513ccdab866c683128f09a5441226aa5f05fd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c17beef99a59e3c323ff65d59e0afc8
SHA1 07c695a6b11160c7574976bf5ecc469830f7f6a5
SHA256 28c73de33636a2f1c63b929994d66ae6a746275862a28db86c5d2d13b20f3bd1
SHA512 df56421cb9405885e5c300d77937433a89bab3421f7a559070ea0a830cad529a580eb6756acf27752a4b0b52de1fc3cc9ba15447c6ab60b0da94341c307bfd56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ac114ca7c74b5fd34b45d8010147250
SHA1 9bebca83aaee921dc287dcadaabe655620e157fb
SHA256 794226f73a87806fc1c836517697531802ed9b5aecf040e563d0f5c0621984fc
SHA512 dc6f10c092bc801552e516e72c3ee07d0002a54b06353f3c1c349e8054787fbba9dccd28f8c7cb31d6def9066ddb243de7752dec3ca697cf948326b4959d576e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6eddb7d8585a650775389cb7e95517e0
SHA1 dcd4da0fa7db41ef3eb779cd87c7c47499fd425d
SHA256 85c1cfd5b58d5317e664c24151d9a4ed393381a06b0a0b38b4b2c4b5f15f4c5f
SHA512 47fae84c870772370ec3a35b89f59381d5973f4af4ee0bb559b91834f0451f9a1bc8e2218290a468187aefe2a8a0a9ea13e0ee179232175ff3408da33b791276