1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7

General

Target

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe
Size

60KB
MD5

9c8e695c7ff0927d9d58e123b1231fa5
SHA1

0a768b881b854ecec9148ffec4a938aee1b360ef
SHA256

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7
SHA512

3200505c74fc437c0532d4391620aaaa0d786dc1a03045e346b22bf07c37229cb95c2aaae63282f4cf2bddd5084f56c5be98a7d01379f2b2685a4cfc8e9a1697

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services Windows = "C:\\Arquivos de programas\\Internet Explorer\\6.5\\ccmsi.exe"	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

Drops file in System32 directory 2 IoCs

Processes:

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

description	ioc	process
File created	C:\Windows\SysWOW64\urlmom.dll	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe
File opened for modification	C:\Windows\SysWOW64\urlmom.dll	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\User Preferences	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30954710"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000d915a77879f3dda5c70c91eaaeccaeb3a869a25d235b153ab6636205b16a7826000000000e80000000020000200000001691331d14aa4e17a5a5a3d92aac02a45b40b166fc83799f32311deb89e1dc7a100000008c4dc17cd2e4c10788a60ba35c6c69e4400000007fc26140977d3816949a0fdf06a9739ef9b17e6589fb6cf0517a9b203926bcd5756deea08c8f9136728b0835992b7a46781f7e69af2bf459bae172751fa2fb3c	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30954710"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D46D466A-C0C9-11EC-AC67-F2EB97E7861D} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30954710"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "357238337"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2885463248"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000c6b2e1e07e3e1697891b55d539e2fb76eb57cce22dfe18217b09946a32c3cbd6000000000e800000000200002000000006bdde71632927e12641c58b1e3b7744b71cbef13eeb06337500d09a6546ab52200000009c2a43304980cd87e47390d6b0a3d1b94be2ef9b4a44e7543bd7b6e4d2d5314c40000000562d49283e8197dffb51d4daeeb2fb5376aa040524612bc3df014b2b0a86030cbe7a2230ca9a72330da06e2a9c5912c489df6ad46f19f65adbdd56d826f6daa3	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2885463248"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b0915000000000200000000001066000000010000200000000fe6229ccc36e6a74b04077a4065682a1282f6382ebe31a2051fc778bc51a907000000000e8000000002000020000000924c775ce4239aeb27459b2075706921623ab3cf5da4f94970f116a5da8369ef20000000c3395c6b14a951613243b51c5cfa92519fd085e6efb53c16b64f9e727790ce12400000000fd8bb56106d83973c8edadf3a23ef5cd2d4120677abf715afd730a4be578af195b9127d20f0958e9d3cdcfe9a87373f289e8dcd77db06c18d58878ec221c997	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000072885dc6160e213851c0f7d65e5bd1066ab544f81aba68a49bb918abbc547a91000000000e8000000002000020000000c89be67cec21680b78dcfabf1eae3774afbdf4a91f01d36782c8a781127c0cda50000000708776dfb4b481efdc37528030e6618b3a9183187c91936690621e77bb20b5f0f4cfea98ea0558b13ab93f39f61ad9c4985696ec0c5f1665ba59a1ae336cf85a26bf14c5617f744d07574d83787fdb95400000001844087a1b78ee7f3f2aff535bc783a4d09caf722fdc507fdc058a48861b96fc28f3d5081fa37c7dec9ed1468c47d49e2dc65b03a7d935428927e612397e62c4	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2886557966"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2886557966"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30954710"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = f982cdb29d50d801	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400ae5c0d654d801	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d9d6c0d654d801	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1912 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1912 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

1912 IEXPLORE.EXE
1912 IEXPLORE.EXE
3148 IEXPLORE.EXE
3148 IEXPLORE.EXE
3148 IEXPLORE.EXE
3148 IEXPLORE.EXE

pid	process
1912	IEXPLORE.EXE

pid	process
1912	IEXPLORE.EXE

pid	process
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
3148	IEXPLORE.EXE
3148	IEXPLORE.EXE
3148	IEXPLORE.EXE
3148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exeiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1436 wrote to memory of 4668	1436	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe	iexplore.exe
PID 1436 wrote to memory of 4668	1436	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe	iexplore.exe
PID 1436 wrote to memory of 4668	1436	1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe	iexplore.exe
PID 4668 wrote to memory of 1912	4668	iexplore.exe	IEXPLORE.EXE
PID 4668 wrote to memory of 1912	4668	iexplore.exe	IEXPLORE.EXE
PID 1912 wrote to memory of 3148	1912	IEXPLORE.EXE	IEXPLORE.EXE
PID 1912 wrote to memory of 3148	1912	IEXPLORE.EXE	IEXPLORE.EXE
PID 1912 wrote to memory of 3148	1912	IEXPLORE.EXE	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe
"C:\Users\Admin\AppData\Local\Temp\1d666de34d6ec9d29bb61134e339a4797cf7db23c0df65dbba559e7c483a57c7.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1436

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" www.google.com.br
2⤵
- Suspicious use of WriteProcessMemory
PID:4668

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.google.com.br
3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3148