Analysis Overview
SHA256
ea8c422aeebf4755fc4b7c6cccea5561176ff6c75eebdef156b96b15b5851c19
Threat Level: No (potentially) malicious behavior was detected
Verdict: the file a4701dbb6f52f0435170577baeb489ff_JaffaCakes118 (an HTML document, opened by Internet Explorer during detonation; see Processes below) showed no (potentially) malicious behavior.
Malicious Activity Summary (four informational signatures; none is rated malicious, consistent with the Threat Level above)
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK (Enterprise Matrix V15): no techniques mapped
Analysis: static1
Detonation Overview
Reported: 2024-06-13 07:31
Signatures: none
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 07:31
Reported: 2024-06-13 07:34
Platform: win7-20240611-en
Max time kernel: 141s
Max time network: 141s
Command Line: none recorded (the sample is an HTML document handed to Internet Explorer; see Processes)
Signatures
Modifies Internet Explorer settings
Every key below sits under the detonating user's Software\Microsoft\Internet Explorer hive and is written by the two iexplore.exe processes themselves: the 32-bit tab process (Program Files (x86)) maintains the DOMStorage quota counters for narod.ru and inzaraion.narod.ru, and the 64-bit frame process writes its own window placement, tab, recovery and search-scope state. No value that would change the browser's behaviour for the user (Start Page, default search scope, zone or proxy settings) appears in the list.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "40" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "886" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1768" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425766" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "61" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "89" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "104" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "854" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "1768" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "136" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "136" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "1593" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "136" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "1028" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "104" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1028" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "854" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000002f3914abc7a6fd6f0e72f4c456256cc88db2c8a1f1057ed67a42a84d410f92d9000000000e8000000002000020000000fc23a4ce95e2a91c5de5e6aa12d6cfae4e58dc09f58b4de6ae04008063b68ed22000000079bf1d4681d598f0737d5a8d6c1a812cb5eb13511c049c6290ba44c3a53f291c40000000a76537e404675315cac116486888fc9a74c2e6d72eb43f46e9b2ae7880506a9c72a5267177c4d03fd88bdd15fb0376de5a4e719f49f27d24a6b9aa699d809bc8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru\Total = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60de1fea63bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "61" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
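A table this long hides the one question that matters (did the page change a setting that affects the user, or only IE's own bookkeeping?). The script below, an added example and not part of the sandbox's report or tooling, parses rows in the report's four-column layout, groups writes by the IE subkey under the user hive, splits them by writer (the Program Files (x86) tab process versus the Program Files frame process) and flags any value name from a watch list. The watch list (`SENSITIVE_VALUES`) and the eight sample rows embedded below are the editor's; the rows are copied from the table above.

```python
import re
from collections import Counter, defaultdict

# Everything the signature lists lives under this per-user IE key; capture the
# part after it so rows can be grouped by IE subkey (DOMStorage, Main, ...).
IE_PREFIX = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-[\d-]+\\Software\\Microsoft\\Internet Explorer\\(.*)$"
)

# Value names an analyst would treat as a real settings change if a web page
# touched them. Editor's starting list, not something the report states.
SENSITIVE_VALUES = {
    "Start Page", "Search Page", "Default_Page_URL", "Local Page",
    "DefaultScope", "ProxyServer", "ProxyEnable", "AutoConfigURL",
}

# Constructed sample: eight rows copied from the report's table above.
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\narod.ru | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\inzaraion.narod.ru\ = "40" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425766" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""


def parse_rows(text):
    """Turn the report's four-column table rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        rows.append(dict(zip(("description", "indicator", "process", "target"), cells)))
    return rows


def split_indicator(indicator):
    """Return (key path relative to the IE hive, value name or None, value or None)."""
    path, sep, value = indicator.partition(" = ")
    m = IE_PREFIX.match(path)
    rel = m.group(1) if m else path
    if not sep:                           # "Key created" rows carry no value
        return rel.rstrip("\\"), None, None
    key, _, name = rel.rpartition("\\")   # a trailing '\' means the (Default) value
    return key, name or "(Default)", value.strip('"')


def triage(rows):
    """Count writes per IE subkey and writer image, and flag sensitive values."""
    by_subkey = defaultdict(Counter)
    flagged = []
    for r in rows:
        key, name, value = split_indicator(r["indicator"])
        subkey = key.split("\\")[0]
        image = "x86" if "(x86)" in r["process"] else "x64"
        by_subkey[subkey][image] += 1
        if name in SENSITIVE_VALUES:
            flagged.append((key, name, value, r["process"]))
    return by_subkey, flagged


if __name__ == "__main__":
    by_subkey, flagged = triage(parse_rows(SAMPLE_ROWS))
    for subkey, counts in sorted(by_subkey.items()):
        print(f"{subkey:20s} {dict(counts)}")
    print("sensitive values changed:", flagged or "none")
```

Run against the full table the split is the one described above: every DOMStorage write comes from the x86 tab process, everything else from the x64 frame process, and the flagged list is empty. Extend `SENSITIVE_VALUES` with whatever your own baseline treats as a settings change (for example Zones or BHO keys) before reusing it.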
Suspicious use of FindShellTrayWindow (one call, by the IE frame process; no indicator or target is recorded)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx (six calls, two from the frame process and four from the tab process; hook type and module are not recorded, so the rows below carry only the caller)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory (four writes from PID 1876, the frame iexplore.exe, into PID 2968, the tab process it launched: the tab's command line under Processes carries SCODEF:1876, the owning frame's PID, so this is IE's own frame-to-tab setup rather than a third process injecting into the browser)
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
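The WriteProcessMemory signature fires on any cross-process write, so it needs the Processes section to be read sensibly. The check below is an added example (editor's code, not the sandbox's): it parses the signature rows and the process command lines, and accepts a write only when an iexplore.exe wrote into another iexplore.exe whose SCODEF:<pid> argument names the writer. Anything else is left for review. Both sample inputs are copied from this report; the mapping from image path to command line is the editor's representation of the Processes section.

```python
import re

# Constructed sample: the two entries of the report's "Processes" section,
# keyed by image path, value = command line.
PROCESSES = {
    r"C:\Program Files\Internet Explorer\iexplore.exe":
        r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html',
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE":
        r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2',
}

# Constructed sample: the four rows of the "Suspicious use of WriteProcessMemory" table.
WPM_ROWS = r"""
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# IE tab processes are launched with SCODEF:<pid of the frame process that owns them>.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_wpm(text):
    """Parse the signature table into {src_pid, dst_pid, src image, dst image} events."""
    events = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = WPM_RE.search(cells[0])
        if m:
            events.append({"src_pid": int(m.group(1)), "dst_pid": int(m.group(2)),
                           "src": cells[2], "dst": cells[3]})
    return events


def classify(event, processes):
    """'ie-frame-to-tab' if an iexplore.exe wrote into a tab it launched, else 'review'."""
    src_name = event["src"].rsplit("\\", 1)[-1].lower()
    dst_name = event["dst"].rsplit("\\", 1)[-1].lower()
    m = SCODEF_RE.search(processes.get(event["dst"], ""))
    if (src_name == dst_name == "iexplore.exe"
            and m and int(m.group(1)) == event["src_pid"]):
        return "ie-frame-to-tab"
    return "review"


def triage(text, processes):
    """Collapse repeated rows into one verdict per (writer PID, target PID) pair."""
    verdicts = {}
    for ev in parse_wpm(text):
        key = (ev["src_pid"], ev["dst_pid"])
        entry = verdicts.setdefault(key, {"count": 0, "verdict": classify(ev, processes)})
        entry["count"] += 1
    return verdicts


if __name__ == "__main__":
    for (src, dst), v in triage(WPM_ROWS, PROCESSES).items():
        print(f"PID {src} -> PID {dst}: {v['count']} writes, {v['verdict']}")
```

The check deliberately keys on the SCODEF value rather than on the image paths alone: a write from iexplore.exe into an IEXPLORE.EXE that was not launched by that PID would still come back as "review", which is the case an analyst wants surfaced.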
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 8.8.8.8:53 | www.rosinvest.com | udp |
| US | 8.8.8.8:53 | top100-images.rambler.ru | udp |
| US | 8.8.8.8:53 | news.yandex.ru | udp |
| US | 8.8.8.8:53 | kinomob.info | udp |
| US | 8.8.8.8:53 | it.ul-online.ru | udp |
| US | 8.8.8.8:53 | d7.ce.b8.a1.top.mail.ru | udp |
| US | 8.8.8.8:53 | www.aport.ru | udp |
| US | 8.8.8.8:53 | www.wolist.ru | udp |
| US | 8.8.8.8:53 | counter.24log.ru | udp |
| US | 8.8.8.8:53 | info.weather.yandex.net | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| US | 8.8.8.8:53 | inzaraion.narod.ru | udp |
| US | 8.8.8.8:53 | s202.ucoz.net | udp |
| RU | 81.19.89.17:80 | counter.rambler.ru | tcp |
| RU | 87.242.127.163:80 | top100-images.rambler.ru | tcp |
| RU | 81.19.89.17:80 | counter.rambler.ru | tcp |
| RU | 87.242.127.163:80 | top100-images.rambler.ru | tcp |
| US | 172.67.139.203:80 | kinomob.info | tcp |
| US | 172.67.139.203:80 | kinomob.info | tcp |
| US | 64.79.79.18:80 | counter.24log.ru | tcp |
| US | 64.79.79.18:80 | counter.24log.ru | tcp |
| US | 64.79.79.18:80 | counter.24log.ru | tcp |
| RU | 87.250.250.14:80 | clck.yandex.ru | tcp |
| RU | 87.250.250.14:80 | clck.yandex.ru | tcp |
| RU | 77.244.220.11:80 | www.rosinvest.com | tcp |
| RU | 77.244.220.11:80 | www.rosinvest.com | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 95.163.52.67:80 | d7.ce.b8.a1.top.mail.ru | tcp |
| RU | 95.163.52.67:80 | d7.ce.b8.a1.top.mail.ru | tcp |
| RU | 213.180.204.12:80 | news.yandex.ru | tcp |
| RU | 213.180.204.12:80 | news.yandex.ru | tcp |
| RU | 23.111.103.204:80 | www.aport.ru | tcp |
| RU | 23.111.103.204:80 | www.aport.ru | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| RU | 37.140.192.138:80 | www.wolist.ru | tcp |
| RU | 37.140.192.138:80 | www.wolist.ru | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 5.101.153.158:80 | it.ul-online.ru | tcp |
| RU | 5.101.153.158:80 | it.ul-online.ru | tcp |
| RU | 81.19.89.17:443 | counter.rambler.ru | tcp |
| US | 172.67.139.203:443 | kinomob.info | tcp |
| US | 8.8.8.8:53 | rosinvest.com | udp |
| US | 172.67.139.203:443 | kinomob.info | tcp |
| RU | 77.244.220.11:443 | rosinvest.com | tcp |
| RU | 77.244.220.11:443 | rosinvest.com | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | dzen.ru | udp |
| US | 64.79.79.18:443 | counter.24log.ru | tcp |
| US | 64.79.79.18:443 | counter.24log.ru | tcp |
| US | 64.79.79.18:443 | counter.24log.ru | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 37.140.192.138:443 | www.wolist.ru | tcp |
| RU | 95.163.52.67:80 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:80 | top-fwz1.mail.ru | tcp |
| RU | 62.217.160.2:443 | dzen.ru | tcp |
| RU | 62.217.160.2:443 | dzen.ru | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| US | 8.8.8.8:53 | wolist.ru | udp |
| RU | 37.140.192.138:443 | wolist.ru | tcp |
| RU | 37.140.192.138:443 | wolist.ru | tcp |
| RU | 81.19.89.17:443 | counter.rambler.ru | tcp |
| US | 8.8.8.8:53 | counter.spylog.com | udp |
| US | 8.8.8.8:53 | hit30.hotlog.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counting.kmindex.ru | udp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| FR | 37.187.202.102:80 | counting.kmindex.ru | tcp |
| FR | 37.187.202.102:80 | counting.kmindex.ru | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 89.208.236.251:80 | hit30.hotlog.ru | tcp |
| RU | 89.208.236.251:80 | hit30.hotlog.ru | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:443 | s202.ucoz.net | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 23.111.103.204:80 | www.aport.ru | tcp |
| RU | 23.111.103.204:80 | www.aport.ru | tcp |
| RU | 89.208.236.251:80 | hit30.hotlog.ru | tcp |
| RU | 89.208.236.251:80 | hit30.hotlog.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
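The Network table lists every DNS query and every TCP connection as its own row, so a single tracker shows up five or six times and the pattern is hard to see. The summariser below is an added example (editor's code, not the sandbox's): it collapses the table per domain into lookup and connection counts and then reports the three things worth a second look, namely domains that were resolved but never connected to, connections with no preceding lookup in the table, and plain-HTTP destinations. The `PLATFORM_HOSTS` set (certificate AIA/CRL fetch hosts c.pki.goog and apps.identrust.com, which match the CryptnetUrlCache writes under Files, and the IE compatibility-list host ieonline.microsoft.com) is the editor's, and the fourteen sample rows are copied from the table above.

```python
from collections import Counter, defaultdict

# Hosts that IE or Windows itself contacts while rendering a page (certificate
# AIA/CRL/OCSP fetches, IE compatibility-view list). Editor's list, not something
# the report states.
PLATFORM_HOSTS = {"c.pki.goog", "apps.identrust.com", "ieonline.microsoft.com"}

# Constructed sample: rows copied from the report's Network table.
SAMPLE = """\
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 8.8.8.8:53 | kinomob.info | udp |
| RU | 81.19.89.17:80 | counter.rambler.ru | tcp |
| RU | 81.19.89.17:80 | counter.rambler.ru | tcp |
| US | 172.67.139.203:80 | kinomob.info | tcp |
| US | 8.8.8.8:53 | www.aport.ru | udp |
| RU | 23.111.103.204:80 | www.aport.ru | tcp |
| RU | 81.19.89.17:443 | counter.rambler.ru | tcp |
| US | 172.67.139.203:443 | kinomob.info | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | counter.spylog.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""


def parse_network(text):
    """Turn the report's Country/Destination/Domain/Proto rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarize(rows):
    """Per domain: number of DNS lookups and a Counter of (ip, port) connections."""
    per = defaultdict(lambda: {"lookups": 0, "connections": Counter()})
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            per[r["domain"]]["lookups"] += 1
        else:
            per[r["domain"]]["connections"][(r["ip"], r["port"])] += 1
    return dict(per)


def findings(summary):
    """Pull out the patterns an analyst checks first."""
    out = {"resolved_only": [], "no_lookup_seen": [], "plain_http": [], "platform": []}
    for domain, s in sorted(summary.items()):
        if domain in PLATFORM_HOSTS:
            out["platform"].append(domain)
        if s["lookups"] and not s["connections"]:
            out["resolved_only"].append(domain)      # name queried, never contacted
        if s["connections"] and not s["lookups"]:
            out["no_lookup_seen"].append(domain)     # cached or out-of-band resolution
        if any(port == 80 for _, port in s["connections"]):
            out["plain_http"].append(domain)
    return out


if __name__ == "__main__":
    summary = summarize(parse_network(SAMPLE))
    for domain, s in sorted(summary.items()):
        print(f"{domain:28s} lookups={s['lookups']} connections={dict(s['connections'])}")
    for label, domains in findings(summary).items():
        print(f"{label}: {', '.join(domains) or 'none'}")
```

On the full table the same logic shows what the sample shows in miniature: a page hosted on narod.ru (inzaraion.narod.ru) pulling a dozen Russian hit counters and ad hosts (rambler, yandex, top.mail.ru, hotlog, yadro, kmindex, 24log, ucoz) over both HTTP and HTTPS, a few counters that were resolved but never reached, and Windows' own certificate and IE compatibility traffic alongside. Nothing in it points to a download or a beacon, which matches the verdict.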
Files (each entry is one write the sandbox observed; a path that recurs, such as the CryptnetUrlCache\MetaData file or DOMStore\9BNA3T9V\inzaraion.narod[1].xml, is listed once per write with the hashes at that point, so the repeats are successive versions rather than duplicates)
C:\Users\Admin\AppData\Local\Temp\Cab100A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar102C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a56e5d3b7beba37a30251e83eeead74 |
| SHA1 | c3561e71034e7b538f2bb258f25d5dd0ab2657d3 |
| SHA256 | 874fdf0252d29381cef1c8586cab2212532786f6fff0d84063b073e9844ecae8 |
| SHA512 | 7c22bd1e67d2264fec41e03649d47693c9746cc4e60ae7b4848f24918e9e9a6a7ed42f378ecae9cac435e6fb8f843d0e9b281e8d552deb7740adecae86e82c7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a365ae9e14a0e700da5b6d805d02003 |
| SHA1 | d2990aa383a7a76194ed6030a3a8c05081ff05e5 |
| SHA256 | 8c8b62536909a90a39ccf5cd34997c256af8c49605861cae025d87ab1eaaca1d |
| SHA512 | bdf5b9243605548719398f986ca5e661c4fda3da30725500f95d334d518ff0aeb3286e7d7481cab5f4b4a51ab8471fe0babfeb7963e92c1101be9c6a5e401789 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d32051165138bc42f78bcb4890956b3 |
| SHA1 | 6c5bcd08160c405904b4a9311d790e0e693497a9 |
| SHA256 | e806a37778769444ee706c41ebd1bc8354cf97fb2c3c3c34395a5cec41852243 |
| SHA512 | 9fdfe3e6b2c6dfcbede73f227ce5b086bfb386b133dc037bc18a4806736b09b96f799d843e4cb705ae98d26903db381e7b2eef7d5a013aa16e371486b3ff6003 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58f87534fa53b1b9c831c398bdba0f84 |
| SHA1 | 0889c4036e0fb7ee510efc123a4da1022273f20d |
| SHA256 | eb3dcf529392e77098d4611db16580c0fae1a506d17c0d3fdf60358dea0f5487 |
| SHA512 | cb6d2504f8d9605e442490cbeb632997742ca18a67d91b28b074d5b21172d4d22b2eba5ebf0d8fda769807d61834c7389f9c66a7d220b0ee3ec4bbad83bf8b2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dda0d3b3726541fc0a44aed66dc39dfb |
| SHA1 | fa4386e7e78bae567ce0f7df4d4dfb9451723aed |
| SHA256 | 63fbd5d51a565af0c814cd515747a144bc2eee7828b6e8ba930520131035dff3 |
| SHA512 | d06ae56130a15dabdb62f17d1e200fbcba1467da30e38d8c99c50d4be5ac5472fc6d4c277c9f94bd8448e2e01c829ebe9e2d1a091b5aed0ad9259912eb4f10dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cace9d0d57617f68f9aa3a32522706f6 |
| SHA1 | c82c15e9a2fe33b437d65abef3b632668dc7da95 |
| SHA256 | a0782430fa53992f90e6538478aa7ffbfca7a84fee513674e00b96a47556a312 |
| SHA512 | 1fd2a8f472163d985a6747f04502a41a365ed47a8b1d177cab69644968394eb33243a1cfa3971e2e8ba535ef16ca9ef919bdf518f71be5f60d2b1fae3fb9967e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\200x589_banner[1].htm
| MD5 | cd2e0e43980a00fb6a2742d3afd803b8 |
| SHA1 | 81ffbd1712afe8cdf138b570c0fc9934742c33c1 |
| SHA256 | bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d |
| SHA512 | 0344c6b2757d4d787ed4a31ec7043c9dc9bf57017e451f60cecb9ad8f5febf64acf2a6c996346ae4b23297623ebf747954410aee27ee3c2f3c6ccd15a15d0f2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61f20cbeff9cae531dce94c44f03e2a7 |
| SHA1 | 8fd1ddb2b1457a271c0e44f1d23376b0490aea9f |
| SHA256 | e00889c850b1f9b2164f2234dc79d0bd9beab799fc50ad5275fb3193473d6535 |
| SHA512 | 1be9bfecabd8819f6745a20d0d03e97103f5f9570fea7b15f24a131f3865b3856ffd8b58da0d8ea1d1da9b74f763dc591ecfc2fce3b44fb0bbbdd5bfee096b1e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 5cb14ae924193e53173b49b3ccfaf70d |
| SHA1 | f7284cbb7f831e6c143bf46ac040d8921e010e16 |
| SHA256 | 3f7b3eae29730c694ea3cbc945e4581c9949c615f03b5d5da6de7a6a1e1ecc56 |
| SHA512 | c33f3b8bbf97586bfebc9c16d2f2a2830c1c1978c28f38acafca385baf336860a5d719f8f7fb5b2921c2aac51428a907e87ee40196550bc3031e55c0705f71f6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 15c6a08bebf414abedb766bdaef52da5 |
| SHA1 | 38e5049d8dc0ba41ff971a58179843381a014db4 |
| SHA256 | b4596ef50f8f57398842f996f0766f32151c044efa4810dec734edd803660977 |
| SHA512 | 6488ac1570936078af850426e71927eb377bebcc45bfffe90397ce8d3a3ea3abd334cd6c732d933c2f11daa74dc9d4243c441cdb35e5adc0d9016d83bb2e9a5f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 92dcff3c05a0c49f82a9104ced444325 |
| SHA1 | e8bc9bf8c3265bfaeafbc7004fdbe09590a37a99 |
| SHA256 | f233f69217857bfdb4ceaf05b69735c709b571084e7d3de50e01873bb974d5f5 |
| SHA512 | 9c3422771a87d3f42e9bbbaaac60161a8c9405da742b8dee9267cbd13fc68cc14ce3568081f75e928080112e250a3097749a5876a648235be041ece7160fe375 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 71c11724c613bd138674134ae913e831 |
| SHA1 | 08979db55bb33386d8cbfdc6769d63a06980afb0 |
| SHA256 | ce863b6de8b6dec9375f6db302f7831a24b99b8cc6d6cd4c20544422a49d5615 |
| SHA512 | 3b0b01c390d6c807d4179309839b1026e6eec7f23562b0e58719d1d957ff91162aada3c3379aa8c048760e95c30462532fa6fb86f5ec209a5ad4270ef161d122 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 41c50346e82e8d47684cc45f5781abdc |
| SHA1 | c5960caf1c2e7cd801e55670d04e8bdf63b7ada0 |
| SHA256 | f723f810fce876df75164ff6e0714a3b7fa33b1c230ff6a93929c1aa244238cd |
| SHA512 | 8802518c58dddf286306c0036f1a6c4b0a9eecd6e012ad6108197fc4d3fb8cea89110db2670d45f3068ba3f6a3cc9274438db6184f9d66ba989c715f79e57b30 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | 29c21ce923b121fc46dc553fb023cb58 |
| SHA1 | cd3cfc577a154458f3f8a61216f5b452b25cd04f |
| SHA256 | cac8b8dbd91a62ef14a2b374725a0740eb03a06b8425ac40d3ffc4ed5be2d660 |
| SHA512 | 7f426502efcc299229126e98c36f3d7a49202821544f7bb8c5f07a45f798082ee800f2f8ab27d17306100f84f7e036f3a53e5f15530061942dd32e845b88d587 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | e3536c2fa1986ba2ae420ac3af5794bc |
| SHA1 | fa82b5a97ad10cc9d081c51a80821e61baee8293 |
| SHA256 | efdf85b6a4dd12908485c27421a265536f24dec4b37b174f9d7a3f015ade8f71 |
| SHA512 | 5c9ce80258abb1bdecf53cfe0053f7910626b0f11005eb623c74d77134e7003254b1dc15315a10bcea9f1d9c7ee08191e9b1d4040e98375faa0f5e9ae56a1192 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9BNA3T9V\inzaraion.narod[1].xml
| MD5 | f36795a6588e706d6f368d91879f4a12 |
| SHA1 | b6a10842ae412f083abaa35c76de0936f6cf7757 |
| SHA256 | 21ec048dcfbc95e223972e389ade4e26c083aa097cca1c83b63a40618b164e3d |
| SHA512 | 35a34999853f581011356235eb63ecd43dea02da180d7291678c5d863ed216076bf11c3ec9a5d57785600ea1020d31780212b98dcddc66a0964124a1100b9067 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:31
Reported
2024-06-13 07:34
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3836,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3896,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4984,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=4948,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5664,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5892,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5860,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5944,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
Network