Malware Analysis Report

2025-01-18 02:04

Sample ID 240613-jcpx7azakd
Target a4701dbb6f52f0435170577baeb489ff_JaffaCakes118
SHA256 ea8c422aeebf4755fc4b7c6cccea5561176ff6c75eebdef156b96b15b5851c19
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ea8c422aeebf4755fc4b7c6cccea5561176ff6c75eebdef156b96b15b5851c19

Threat Level: No (potentially) malicious behavior was detected

The file a4701dbb6f52f0435170577baeb489ff_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:31

Reported

2024-06-13 07:34

Platform

win7-20240611-en

Max time kernel

141s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files

SHA1 79ce99c55f6ab855f0b53a2576e2d91e024eda25
SHA256 60a8d3d11c67c4fc127bec57f28bffd534a6407d7c5925cd8a7736182c72c896
SHA512 bf1209b22ee76889e6fc5c94da2d068c23ebe449b6a4e6d283b293ebd8a02c37fb5970d1c4e18f4ec3885e962f57c106f057916b08210378134381d2b81b6fdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9de71333b3a3b3ab05674673ab4df251
SHA1 6785640421887a2338e46db6155f47043382177f
SHA256 88cf2ae4c301f4b4221db5803acae748015f8500086b8de470caa43f7a653f39
SHA512 5ff56c64687915b9e402b9f21851b9c79f5856764ee15fdd07e48509fde919f28355257c7748ebe658be2f39612b32e1d5dc943fee0cbb6feda6bcce7e041524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfefc9dd98762553e8fda7042bd26efc
SHA1 aa810f93934d474050d2431a023cd3535b162246
SHA256 5930037192fa1febfda4e65fe753294af1846b41b1cc072f0840d1a62aa94ee0
SHA512 4d2d2a4595c224a2f5d837d9be6cd1fe72d2c26573e36ba6e9106661cbcbb1d0f62833cc115185f977984117f3117105bd8474d5ae3dd409b40197daf71149ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67a8d2fb2de2ad52ed5db883814d4218
SHA1 a0add12b867c86e4986cd1952c389e6cfa0c9a19
SHA256 8c29fff56a6bfc3df7936b0360708e5f9c9ad2a2c68245bc95a15bad78fc1ea9
SHA512 010fd8620561e2c51543ad3341c0d240f6d4687e0cf4940fd61641505131dba74823ed12c7b4557408cf993ae14c76040137fb6dc9ccaf81911a2876341d4e48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72152cb11252d4317de0459de2448e77
SHA1 46a01f7f596566c26ee73bda164ecefaa071c4b1
SHA256 364b727b6bdf4983f45471b07935aa1dac0ada95276e09201a3d3634446355d9
SHA512 7e9223616aeae2e5a5ddf8f062d5bf0d9b7f4c82bd60a8328cc08df48903e3850ac70b73a21d0b99ed61b36356b0d796c23d08a8ceab8bce2bae7aaba1906b87

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:31

Reported

2024-06-13 07:34

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4701dbb6f52f0435170577baeb489ff_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3836,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3896,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4984,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=4948,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5664,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5892,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5860,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5944,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8

Network


Files

N/A