9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0

Resubmissions

11/01/2021, 03:44

210111-v8hz9lm7zs 10

29/11/2020, 15:49

201129-sp88h75zyn 10

Analysis

max time kernel
142s
max time network
148s
platform
windows10_x64
resource
win10v20201028
submitted
11/01/2021, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll
Size

132KB
MD5

b0f3a46adf98efb3a9ac7cead9b4fc5a
SHA1

01b0ece80907f2d9e500ada1cd2d555b782dd3a2
SHA256

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
SHA512

22076388da1305e1a9b7ad3257fde95b81118983c95b0025b3a4c848b6703257dbaeaad3da10dab7e66c18fdb7bc015dbf08f20ad0f37543f40e5b448779b6be

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 8 IoCs

flow	pid	Process
21	1300	rundll32.exe
22	1300	rundll32.exe
23	1300	rundll32.exe
24	1300	rundll32.exe
40	1300	rundll32.exe
41	1300	rundll32.exe
60	1300	rundll32.exe
61	1300	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 151 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90768f0bd5e7d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000003f6c2587f2ae35282c1f398f808c37f519acad57d7dd495a4c4aefc35aa84f5f000000000e80000000020000200000005afda03e655dab22009314c323177ad1901f716c95fbd1ad128b5a7732c9d35520000000db82afeba735ab4b1a51da7b3b54527326d42ea5ce9c583b5f5636fb31451ef5400000007a80ca02bade96932b886a85a23caf3c4f733f5d7bd0ac5a4e4509f205ebe4abb3df056c3d82df049a6f07fc8532b35a64457a466deeaab275a11b5d7839a2a6	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "103962305"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30861269"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000005d42bb7f003383cf6a456c8165f3213ae50cd2e75f6295e5d2c020cc3168a20e000000000e8000000002000020000000a3737759bc0d795a4df432bf0c98692a629404480c778298e126fe6fe420ecdc20000000ceda520bc4ca29147b8a6fecd5881c3b3b119216f441fc62e6eea59bfd1766224000000012151454e52afe7bc5fae85c70eea47147b13c71382e85c81eaa607e90da76f91c5dd5f5c02fa87b3f54cf81d1102ff9cec8a09eff576d15653c7be5dc5fcba2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FDDB147-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000ea23c6220b7e4f35627b26010f13f4b5e7e6619e92e575c0275c334e0862bd72000000000e800000000200002000000014c7354f235af5faf29110333fddfec2cf3b4f44e118f7f1d97ba5f8a4076077e00000005830860c9e7cd060d8d0df6f61ecc71439c5682d1ac32330cc8aecc8e8df7cfedbdec2322a7bb2c995fb46337d48089e8e52f90b09aa7eee3454cb596a48cf68d8560498d2f5f6cf21cc4bf3795b9a745175a4183a844c5da80d26eed856d96c06d93377bf7f0eafe254551dd61462d9e41e4f0a2297f413aa4da4fc6b2918153783433902bb67e4e0e160580006361db1c46c0adaee624a6fd51d7647cf8eb66bd234d5695c9ca9dc246267142ffed8dda73f35cb9a9cc56e5128364264c2fb11d8736aa0fd52c9e340aea495460d6887c9d90c29c662e4cebb061c30bc3d2e40000000cea7cde24ab6be34a3ba2e65566649b0e42ae76e5a53584f671b2364b03a6af3bf4e09bc5763964b17968d6676033c812a13a2f23a51e9d1f3742b974cb45663	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C5FAF53-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000dc6f43c99f75c064d645c85ab5868dae2ada6a9f5d37e704b43221480a3f5d33000000000e8000000002000020000000ef3590506c6c56b020590617f957411166d2be934e0527294244807cdc00acd7e0000000049d97addd581739b9dbcaa96fc9d43cd88ef77ba28d8ff9b307fc3c201547dc039263d1cb39d37d9e4d4efa374195a0cd9ab01035cbfb4510e7a4381bacf65e1adcfc5858a9429cad43d874e0a2844bc1af8ded1d2b9f027065c99d3bf7b3c6093f9860f07e77c69e1e73bb15b1015adc2b43d7788b20f654ee6141d48f2bc9e659fdd6737664052e690d3e7e6cd04208afd260dfcd22d28cb5bb752e2f29356aa1a688ab3113d322feb9139202d7c1cd8b5722f724d5ad89c372f834399f30e1c0a59485f48e1b62c504073bbcb8e230497c221360e41b0ca7c2ad4deb38fc400000006ca115a22f98deaf0a283354bf28a22a23468790853418345a391eaafa9cfcf3d9807080a566cb3fc26a9d0989adefc612cb36c14c0fbd0ce38afd90a18a26b1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73D307C0-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e093f9f7d4e7d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30861269"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000ea9ee381f99ebf824c4d989ca1e3053fc6852b817ac3fe9b30834295f8560557000000000e8000000002000020000000cbed3d902f4d14d128115d89de823adf9cfff9a701bd7f7908855acc92764105e00000000061064339d39f58599637a5ff4b69a06ebe1cf132b80c6dd58e137de077747e61846df4b96839172623c3aa4a41f58d16e893f41faaedb413292b410d992a6afe84bd9c4f15a3572f0aa149599a8375304a5b625caf32f41c8615f7d233d12d8687682cde7f552e194bbdcba0c777894be8376ad3010c33d5f52c78ec0aa29ce4eb455c321855213e53761ac049d1fcb83ba58d662573a3867570abc794b7946334cbe2b7206c0d7931f910f219ccb923c3c4bd4fb85ca0fcea5789c76ce4f9d8a02a8fcd1278cab0fae0aeb874704168509ebd6e7d094276a4a15d754c0567400000002b2a5642c517cfa54d22a15aeffeb683dc32d45b82eb84abe7bbb5ca57c15e2e5a2dda6e106978db57b848d467a36201b2dd1b80967e988fa43ba70ec8e41c39	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000005fe99b1a31feeebaf6ca4217c14293e00b62739841f499a626afc82fc47ba38000000000e800000000200002000000027c1b15db923c3ea665c4aa27ab62be3483c765fa2726244f5de02ba752b578de0000000ed4406b52ef5b575e5e02a5b76957307b669755546609d5de118f2f56c460cd57999c78320d7db59c893871af4f7aa15c1145ce064474bd8ac791b362be5e359c8c5e4a31bee9836a09bef6a2ef12815a791d15a499e38b1046aff40944bd9a0535554fef15b228235ff9dc6d5283d80b31fc0e7530d3be84aafe656b1f93542b37c95c570756af3d51ea5453114f1e7b94eebc56cc6f13e0ebe62c5b6f22489fb3d8a5d5368b02f3c82d32b176adec1b030ceced9f39530c68abd7fe237ad857b7d71c4cd00f73ec38e96652d3ef8d3976c2469045bd39dcb902da176e3be5c400000001133e71723c355955502f819538a61981a9e8e7eb8826b5528352b45a55c098ece036609db977ec099bef19017e3a6434ef5b20d10181bfa982658f5a67f6e20	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302fac13d5e7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{486CBA7B-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000a9f2928a3e5a607a9eeb721f4d5efa4bfcc23b2d71dc83f8cf438f6b1589be35000000000e80000000020000200000001a62683a3ad04925717e9779a0a53cbd7d2fb5314d6c1986c617a906fc2cae9de0000000218653d66031860de7d21eba27068de3a503902238aed883d2114cd492681c901d4ff2562f40627571239c08a56896a9280e73f2fc37cf126124f512946e7c076590f24d7a4e906df372456648cee1829fdf3e92dfe6ee16e604d6c6351dbe355a5ac40d61fee15d6713161fc94d6e23ee99d2b4dcbc719e20ed9990b68fa99d32eed5373d278fb03402f4e4c95fe9515e8607c0b68bfc64fdb4c1aaf634971fcabb3c3734cc88f3308fa9b916007572e8f52d14fd7e4ff2a239ba12970118c531d5f8def10452d90fd6eae5f810e6af864676999363b0be04d1e036d4410c8d40000000df93fe845f5ca67b7e7ae976754d298f64d62833ecd55315f8d3594f75b75f9b2d82bf6a1bbb4a96b94517acbc46b47dc79640df2b4a8293374acbeb7fe147cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06c0c13d5e7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64EC55EC-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000009e2654737817f2e757ce51a043766037bd7d1b0b19911c69057bb8ce6e97a6b0000000000e8000000002000020000000eadc6adc6a6c3162174bc21876715057f36ccd01fc39fefbb63e48168c267091e0000000f4ff404720ea8664f29947610cf7c44298206b859903acfc856997e257c732c31a00411ee5832ee104e78b60e5d1c5d90843c80f720c54a8961f9d27bfbe249e00daf83f57d32b90e7a34c75711e0494cff7d0210dc0f57066f96ee84a59165d479d9ac60f616fb041e10ad452d6cd8bf128d7a99a7cafec618b0cb93a427c206c1b801b5dba91eb99dcd10e26b840e2dd9752f47a640770b3ad611459f4bdde9328bad94eef9e361907fccd729586450f86464f71b6e1460c385899c0926343c83ace4d0c089c610e41be343d2b644b93eeaeb1065b4f09bc560c2d75dbdd71400000001edc301b66c59e2a9ca7f3bdf34cf83fb03a3200ef3340b40223b180711458970156c08c9ec076d89d7555804aa2e4f0d7b3e9412205c4a32ee9ba3b2279a524	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "103962305"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000b642d9e78e60fe4ff9f92fd6037204dac4bb4fa1900dd83d421654c07a219219000000000e800000000200002000000030c612662df3c557ff64c3897c7d1219e9a5d01b7067f7eed63b4f072362e1da2000000055ebeaf68e73c5aaf1d69a0eb2e97fd01986514eb7c44d5801b52c4130445a57400000002b08109270b2d1da142185a740ffed2d0768909fe08e6b4d133b8d7c5341ee6a7031183a2386ac3add627a6f89229eb78692643eacbacd077ca97589bdbd9cb9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000001aed5acab3360142230ecc3776c9d3619347a80e01c8421e69f1af10fb382e88000000000e8000000002000020000000b98868ca44b9085eac63b23a918467f5e28faa212cdc4e7335160849e97695d7200000002e6b5cdec24d24f45f5c2cb011d708748677840575da323cb5c0b4b3e69c7d51400000000966bb5e3c199ccb36048d9e9adc9e99e94b93c48bc501e140d68e84be0b5a5bb2b90b8ce7122e8ce6f5ca21aa44a6f6dcc9e32465ad3c2601b47177fa14d333	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000002e3b3deba4592428c5dd96f3ba4bdcb9e3623980e5a047f5e46b0653ec79bb59000000000e8000000002000020000000bdc8dee46c16b07dd001284f4f27939cccba0a54db91d77988eac6c6ddda90bde0000000b079c288d4dbf85b16d7ab3ce0cf8139128c5e311565d7995978d4408b73c48de685032e858c1d60c7ef33860dcd26821f67057b274200f011261934c60af74ae56042d4b48a5ca3c92c63000b4f53320f98debf24ef635f72a2c077d19bb171d9793357bffff669a50eecbfc4858103db5a98943784b65f5e16f540ea878d63cb66185d52a022070559409e88ab5fc7db82f90c8c7376a953980b6d7b9a362b2dcfe14abe57bca638770bda60680ad716e6f5e0cf744bcc7631d9559b7b44581139635dfccc5158c4eb608488a065279da3182af00de2cfbbda39bbd8b3769e40000000c0a7fbec8386decc00c19543a821338f7da854fa6aed0aa794735567960375729e89af5c55110e0b583db0c6decdd7db8a51ac08c1e3bfb9105d7d0b19296fc6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{318D301E-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000fdbcd80dcae24c611637d99d9f678b098d25cfa596962e9bd02c1a3c6b9659be000000000e8000000002000020000000d94078ac6dcf8db5b39c602851e5d89b2944881cbe405e6ca06f16965e8cd893e00000004338e8a71d47e0e61b06269a0a4c788fe82dab27a807a0c42da513c48e84751423414ae0ce797598bb7b2427dc01fdecc603ae2af9edde247652f465ff271465e9ed8bf53fc1985521a3acdbeca6775f0ca9b7eda249b80fd53433669de034512e133e88c292ef47c00af9213c4f464062a0c491a5806dc7b897b5978babac4f1a92b0bd01488ed5da487ba0445e63c02146effe04a1cb1c3722a927a969a85ecaeb41c34a7b9dcb23094282acdc3bb35bc152e5b1983970048f136d2c24d6cf4f8c1ac815585d39e39bc50adb7570c324d17f114df207eb958ce69392dcd7cb400000009b029999686235f1a4a884ad866ed6acb4fed4eb299bd621b2b67771a06805e9daa9b6afec139fcc0ef9f725a7147f7420aa010310a43591b1785d7c37c38dcb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000171ee5dcbbfc1d4426485a498a1d2fc69b77960db3072739749d89b5857c7f54000000000e800000000200002000000044be5bdd20d74efcef39b2c93ef3477c0ae283471019a97d225b74c7d607c044e0000000645a3afd1862527d56802668b6ff95b12d5d47ef58d4b8184e074761cb9206e61e34a6e412b8a1813d8715b8b5ae402e0d8f992a7cd0c8e815d722b8bbcba318d9f626c18280f2e5be56decc934d2690410b2bacb50088027754eca8f6279bb85ea785a205459b35e8a0c23265a727be5086faea595958d725a9348af9004a7cb85f6a21b476cfd4b51993d06a99ab9bc7355da3945d18697b6eec0cb4459846ddfde3e257c42d64835d8cc277ea99d0918a468918e3c7267ef8ded76a782ca64d343fcd5628e702ab151c1c908f80eb4084c0b33458f81d859424e8b4e603f8400000009cd373a7e309ed02629194e6cedf794ddd51f277ae25b092a16a2b5b46e9ef868a4f0f1d0d57d7dcdb81a629461a2c32002110fd4e6c45e6566cef2144622691	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ef2c0cd5e7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B571269-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000099262112f6872376eaf9d9b361e00df94d2d0f9f706d5aa0eb0e2b92f805327e000000000e80000000020000200000001c4f29fb56ba4ed8aa416ecb15747995dfb6291a8282a05add2259f6677a1830e00000000c2ec6c8ecb2c7b924c256dd6712e31e3731456d205978a1f63b97f87f2f453fab19cef16fe3fea196a9d2fc507df80c113b17989bc53f19853860a64326063b960ad9eb1ece365ec822dbb1d3766d7ab2da188c6b7ad55498c988375cfbbdbbdd567fd3950af3e1bff2558fb343ea401e887c0f97f1d7ad6f0f86073eb546f82cd277730e4abbf03447a45f68cd41c0f2f61f11e3ed884c6141ab269f0f820e859deb896c9ecddfa56255b1fc27fb7a18e380e3f925d02eeb311a94b6d769f629f72d8b204e250a5d700b79257031c10c4a3515381fa86611128167d8d0e07a4000000054421a862879b50a73567bcb7222fd0211d5a33114ca4bd8314c98c56ada84964cb307fd79adcbb5151685993baad2b8e3f91ac28ab0c273b621ce6180792315	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000a92db7917b1a94deb758c7d50acabcad2d69f31a9adc87a9e3f500c4387c34ff000000000e80000000020000200000001f735683511338787c8bb49dee155f76c68c0d3d3c98b3f2c2ff461d84cdff2220000000e8a2593b11f5b355dd2e26e950b277f5edaab39011154f34be7ed0ad1e8b916240000000a50b88b41bfb22908cc6dcead5298fe577cb326c448076814de0448144163e358b33fc1e0d19b4ac20cee8a9406471462668e30dd53ed54dac1cfac7fe3d584e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57536BE4-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000064696da886c1b079fdd4d52bbcb17c5d4a954c99d0b2f50abe3f76820a8437e3000000000e8000000002000020000000265e0d9242ceaf30d18c7149dbbc1466670ce62756bb3badba877601e1341ab2e000000053b47e0a4db753b64c15ccc28c1e7e6374a865412f1db65744098971af18da42462544e0164974cd0ae0a53aaaf8944546585b711a06921cc1d4f245ca09d0ede4a9ff8cb6875e24a282c5abda948ad18c3c177ce8b916313d6718bdea3ce85344a98f4497f595f01be264dd9e1b7b86582b188f8395f0b4e45634f45a201f8acc480525fddf1a6c4e006752d95fa8b1eace63ce77d0f7fcb2295cf2f271d00d4ad0af0a8b0b968f0f401087a1fa4d8411b502fea8345467ca5053733a51aa8bfb3abc487b4d7d3f9d25da258481426d43f3d1137e942fd93bc8087f0d40ceaf4000000079ed59ea5a26bc6aa8e09b7ccbaf347dc821f432678910a08f675197bfdac94c8eaaf7dd8af7e43859681075add5c34f1fdc76af743ee86bde31c132687bbae1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000005f25d7cdc720170bd71ff68cae41849b7e53316086e57a11078fbf94368dc6dc000000000e800000000200002000000092269452b9276a85c9bba4b31caf5e34aa533a2f76bab6463b49b78c6cdf7a07e000000014fb23ed6f65ddba43abc62d9550c40e04c118eec35ce504cecbf60282cf9b468195a196ae2e026583e08d0188d8d25715a21c64a00a34dfdfc4e27b6a8ada0f890e64f238846b6c4edbbc532368490153edcd7df37f54ef4e9bc01ef655d5e48e5c1ae66f6b236b828c2af9cf70c7115007fa22c718cf5467763c9a4ffc76c447fdf883c89ac8bf9dd32e9ec6fc362580e12ec779ffe974894e605cba70415f178559f943261597532aaf684fb7a09214591f03a6511f2235fe6b907cacc17ff79786b6532e62fa25062aece669b7e5de9546082330001e637a209cb55dcef3400000005b77a7f0bf6086c3a21eb5c569be34f8a41c1172051ad59134f754e18d22d0b82aef46a4381156e3d70e2a4d73adfb4b512cda19d8b170fc7ca3ee050cd071f5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
804	iexplore.exe
2896	iexplore.exe
4004	iexplore.exe
508	iexplore.exe
652	iexplore.exe
3160	iexplore.exe
2512	iexplore.exe
2008	iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
804	iexplore.exe
804	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2896	iexplore.exe
2896	iexplore.exe
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
4004	iexplore.exe
4004	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
508	iexplore.exe
508	iexplore.exe
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
652	iexplore.exe
652	iexplore.exe
948	IEXPLORE.EXE
948	IEXPLORE.EXE
3160	iexplore.exe
3160	iexplore.exe
3816	IEXPLORE.EXE
3816	IEXPLORE.EXE
2512	iexplore.exe
2512	iexplore.exe
1132	IEXPLORE.EXE
1132	IEXPLORE.EXE
2008	iexplore.exe
2008	iexplore.exe
208	IEXPLORE.EXE
208	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 1300	972	rundll32.exe	70
PID 972 wrote to memory of 1300	972	rundll32.exe	70
PID 972 wrote to memory of 1300	972	rundll32.exe	70
PID 804 wrote to memory of 2368	804	iexplore.exe	80
PID 804 wrote to memory of 2368	804	iexplore.exe	80
PID 804 wrote to memory of 2368	804	iexplore.exe	80
PID 2896 wrote to memory of 1636	2896	iexplore.exe	85
PID 2896 wrote to memory of 1636	2896	iexplore.exe	85
PID 2896 wrote to memory of 1636	2896	iexplore.exe	85
PID 4004 wrote to memory of 2300	4004	iexplore.exe	87
PID 4004 wrote to memory of 2300	4004	iexplore.exe	87
PID 4004 wrote to memory of 2300	4004	iexplore.exe	87
PID 508 wrote to memory of 1912	508	iexplore.exe	89
PID 508 wrote to memory of 1912	508	iexplore.exe	89
PID 508 wrote to memory of 1912	508	iexplore.exe	89
PID 652 wrote to memory of 948	652	iexplore.exe	91
PID 652 wrote to memory of 948	652	iexplore.exe	91
PID 652 wrote to memory of 948	652	iexplore.exe	91
PID 3160 wrote to memory of 3816	3160	iexplore.exe	93
PID 3160 wrote to memory of 3816	3160	iexplore.exe	93
PID 3160 wrote to memory of 3816	3160	iexplore.exe	93
PID 2512 wrote to memory of 1132	2512	iexplore.exe	95
PID 2512 wrote to memory of 1132	2512	iexplore.exe	95
PID 2512 wrote to memory of 1132	2512	iexplore.exe	95
PID 2008 wrote to memory of 208	2008	iexplore.exe	97
PID 2008 wrote to memory of 208	2008	iexplore.exe	97
PID 2008 wrote to memory of 208	2008	iexplore.exe	97

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:1300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2368

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1636

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4004 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:508
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:508 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:948

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3160 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3816

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1132

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-3-0x0000000003F60000-0x0000000003F72000-memory.dmp

Filesize
72KB

Download