hxxps://www[.]paperturn-view[.]com/?pid=MzM332881&v=1[.]1

Analysis

max time kernel
147s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 14:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.paperturn-view.com/?pid=MzM332881&v=1.1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "64935101"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2DBEA5AF-0AC3-11EE-9156-6A765FEA1DF2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\cookiebot.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "42005492"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.paperturn.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\cookiebot.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\paperturn.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d444180f73fe464791b87b5757f9639f0000000002000000000010660000000100002000000078a9b52c80e8a7e53348e1ce9669ea208fbafd984c47a2bb1c444f0473c5429d000000000e80000000020000200000001590f034fdc71ad9fe6cc17bd0c9534b1b874fb426bbe59aa237bd12fdd09b17300100006b7c1d9f53c4517e8fe1b19abafe13d89d560694521905a1e5ab3bb4b7dd546bd155875049e519874700cfc703e3f5de417cda06cdcc1282427a5f75bf8b154693aca87bd51ee1aa7032b82287b59fac439b96ccd6d9af838f4cd0eb68aaded4e44b4e4e081fe9f1b6f0a5f441f6bc6f70d6f2eca45a0c9dbc9ac6ec4e9f6b93ac0aab83b90d6a44bcde36fd80eea8206087d91937d0803c161bade89e7c29bd19156a42136c4f4a0401b769c49a944168d0c8890a2df51bc940786a499d58c3a42b45c4b40875c5fe513bcf3990153d09d5f0db34772816c2dca843c8d43912c117e9cdd6ac5cd6bb4572b08be9c9acec380c6b3eb3f72744899fd4d4acc5560f443a9204ef9869a25229ea686d44246c132669b39f6c327eadd35580ed5e53aed45e71701b2db1ea0edfc5022548f040000000aa2db6aba7683f7b2fa12ad4665dd657be369a5b6841b80be08522781d383d637696cbabcce58737f67a0262a808e073acb35c93d15ac813c1f5effccb91d950	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\paperturn.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31039184"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d444180f73fe464791b87b5757f9639f000000000200000000001066000000010000200000003444a30129b4738c8e858b743266d02f32f5a9843785a2b686f2f99b0c8e74f3000000000e8000000002000020000000e3f3f833b45d4041135bdae8501b68250b7a50fc331ba703099f12f84bfeab63300100002b94f9986c3c694987928402151735a096c2bc7c70826a1b74b8b86575377d85083d258dd56dd0805daa1847ea02893fe7ce245f0616ce2e5ba9ef41dcc09111354d41250b3624c101340c908557f7850c4010ceab0d7fde31304df14f94d4c7cab794de39e1647bb740f0ec907b67f9ed244d67e49d6da942ba37dba5c978fd8dfffef7661d13d990185807e0dd79ddbd2f1bb141578e9480b073609a66b9d1c6c0f8cb6c6426f48ddc458c2fb2bb836be2feb93491ad5c4a1d64d702512de43b8ba3b7f2a760fb9b6f79c716adfb14aa716e3117b729d9aede048a8d689be8ddf7b861ee0e05eea82244f3cc86ced24be11bdcd5fe2ce32ac75ed6caada36c5feb924417c26575ba2bd57e1b0c4fde51753e70f8c1256994203c77cb894119639ca9e62cdcdcbbad438cb2697f0d5840000000e7f7ed9dcdd20e7c28920c3a99aac928cc2da3d637723299e2fdf55e23aa72478b539ee1da8204579efbfce0a2452d5f8314e66b01897141dd11451f7155755d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\cookiebot.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d444180f73fe464791b87b5757f9639f0000000002000000000010660000000100002000000057a848c266056f685a3eaafc29d2030b230585a95725a1d6746478c084040061000000000e80000000020000200000005c109894edc66da22d94a42cdfebc45289077032695521abdd845961a8b7560a30010000537e1fa4cc481605f23947323de611c5004db7bb82ef6f4d40db3ccd59dde47d225779231d8f12bf814bf205d1ee28d045c5a9872266a246e1b72adbd9d5e8512b15eab5d40baad8b69ddf293aa7c74187857ab052a7643f0e96bd2e4fbd2b4c0e58b45b6db185e32f149a997d639216f7dfb6c3fe0384876f60f9b1581ebebf9513b20c10d112733d2cda251df6b806ffdd3579963da0ea42471e9eb52dd1d2541e7d6782d2f8127b32cc59d583690a1bc5ab2a29ae7c8dd6c12412a3cdcece61d12e46490f251a7499088c03543aba05c6bcb3527ef764b41feeded1e4232126059090755e1ab9c8eff64dccf659b1d169e1fabace414589c9da51581f21bbaaff1fcca0e79cc0b6fc1127a888ed1b1c0526f5352eb05dd22abcf9e29d6841887b662b26f85ceee23229e6cae4e20b40000000a2d997c3dd6f5134e8178eb231d34e273433d3db29857bf221603cb03cae228e9abd52b8135b3c4ca5e80015de7b676a31f981a6eb721ff525848850f3fa693b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "42008560"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\paperturn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\paperturn.com\Total = "26"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paperturn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.paperturn.com\ = "26"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d444180f73fe464791b87b5757f9639f00000000020000000000106600000001000020000000d1b39f4ac47779689780a8a8b0105372da2c5ab8c099563682ceba1f801bc104000000000e80000000020000200000008f7e543c646e5d09ae024901364e3f4d954840e762d982b461db2c3f4acd3265300100000125df81313cb223baf867532bc7aa55d816b5c964e787fa515bef59c56eb7402a9606315454e1e99db06531c6b4959e927360489456d818bdcce0b4ef16bd97533246eeeb3c9e9cfc6bcf212b7f48f772edefe85bf96614b1f1430b111b5518fdd34291d2eb4d902f485c0cb9a8de24e3c43c9f1ec800a72677f64e80ac43b1aa89e2c3662cff013c5a098f50edd4f0b5c9b720df688d939186b89fe45ad1a8f064755f2a356e8bf31c702ccb01c3a24b4ba80fabbef1430604d01e5f2b0a22743bc4f6f6434c72714878721f494c3ea261175022fb1c282b47b8039a2dabe155269e690719e2c02de96173eda899648abc52d51e97bb0464579fa9b02053b4da4019b591eb5671c55b1eee31dc066a9d8a46d3f054020c2d3f01a735f40f808160eccc6755b9e0fc21197b44de14f6400000002b396bacc90fab955285972057dd680cf96116df8895f48c4cc0a7fa9d42795004b01d2a5782d4eeb308ab1b0c31387f35bcec98418ea79d6ea5273382d080a2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393519366"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d444180f73fe464791b87b5757f9639f000000000200000000001066000000010000200000004405f8d2370439b377de6a2a6f06e31932832e5bfa5bee04198a3bce23490325000000000e8000000002000020000000ff968ed9dc23e988128696b5fdcd8b10ef721ad989297d4dffe3d6a80cce41ee200000005e80c912eadf3c7422879afc856c5486f6d2597f1720a6022eaa935902805239400000002f380c4fb5d7a5a977926dce4507cf4bed1b3c0a03b183f19ebf94d8e55eacd2a5d8e853233133b2ed03b2b03435f1aa84832678babd81a7fdcef15f16f9ddb3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d3000bd09ed901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31039184"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31039184"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{96DFB2D6-AA40-4224-B361-AE121E34A4B1}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{70984AC0-5680-49E3-B916-574046FFE5A7}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{04786FA8-9EDE-4EB5-A360-A7C93415F3FD}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{FBCBF767-7D42-43EF-9912-074466B836C4}	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: 33	1428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1428	AUDIODG.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE
Token: SeShutdownPrivilege	2600	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2600	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4628	iexplore.exe
4628	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 2600	4628	iexplore.exe	84
PID 4628 wrote to memory of 2600	4628	iexplore.exe	84
PID 4628 wrote to memory of 2600	4628	iexplore.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.paperturn-view.com/?pid=MzM332881&v=1.1
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4628 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x36c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
6ed1b9e0ada67cd4e13ffe2ebff3202d

SHA1
26e57e0292d9b0fdf705748d723c197e50225bb5

SHA256
e4256833d3e11cd58e3725ea44482597742a652041a44b3339d371739a6e5735

SHA512
749783679cbd1f6f06ea031c22cc262152d57da36acf3778ac54717f5d9400aa0ad388b9898f5b0ff9bdf666f7f4c4ec590f770d48d1bf4301d05ad944746a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
ec19cf97445ce15fe12aec131ceac670

SHA1
9aa48008967af0276461900787e7212e39aa1d5c

SHA256
6bf282703fb46498f6f5ae8c8843cb6ca2af4f2c562fe793f4a108dfab5b2a44

SHA512
58f31033005596ce53d6ddf0c66492db957cbbb9a695b5132244f321662a73cdebda9341c3f210035a71d6ecb0e670e5b8236f1ecda2e1f2172a1600d409835c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NMR1UDUN\www.paperturn[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat

Filesize
34KB

MD5
6faa00b8693bcea66ad0b6788bbf6be8

SHA1
2f6f608bd195cb59a23940f76f0205124a0b8c8c

SHA256
583743500d8721d0651dbab92f709e47a3ff7b614ea137477930c7b918467998

SHA512
40b275c5d25e3e259e83d3781954274d2da48fc9c7bcf783fbc0c2cb9d0db4eb1380cccfe567932bdf2c2495be363f5cb777f73cd048b316be2c008dd1373b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\Montserrat_400_normal[1].woff

Filesize
18KB

MD5
b20cc131034316b1c85d0498fb9ed5c5

SHA1
ac2cc2149094816f45d610f6d7097c4237ac607a

SHA256
d0701b4b784dd0fa0c69a6d5ce17c785afa4465e53cab2e8262cd62ecd60cbf8

SHA512
742694c1d0f9ac703f9f38939843bc19b6d9fe76e8083211189ec1b08a0d035449932c12860fc0d961d7d6e14003158dc87b448da6929b05839a6f6566606dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\Montserrat_900_normal[1].woff

Filesize
22KB

MD5
186cae8091da578150d81958e217714a

SHA1
c162578fafc20ba4b78a63097d85e19e8fd35545

SHA256
8eb5e6d14c2aa93323591388a47cb6a4800e346505889d5cd44e4586392fe1c6

SHA512
0511f99b4b4cb55cda69d642a294e789089d00a2832aea12cb73e386c9a1c0d5639eb8a812fd6930a397ff126da4597a48bef019173146d58958ded40c1a99e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\OpenSans_300_normal[1].woff

Filesize
20KB

MD5
0d0d7107450f05b72a4507d0d7687dd1

SHA1
845bbcd4bd3d110360a1994e213f709ef73ac6e8

SHA256
a5d937d8ccd079f0088d8095ac27f8387ac099382a8201ab903962a37a41ca1d

SHA512
5168aa05368cb22dbeda191f0330569fe1b96fb9ed98e90154974c8c7593e15600c0e054f3b7bdabd4c6a4a0d6b0dd6fc1dd26aa1ae1bdfa022fcdcdb23dce81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\cc[1].js

Filesize
218KB

MD5
5019aadba8a8ce264c1b29196d8859a7

SHA1
c6f2e2ad225b7d0892e117f464f431afac546dac

SHA256
e4e82a43364a7d3b4eb6ef231e46ef99e8fbc335db2f9769a68d7c258b6b7e4b

SHA512
d7843ae8dbfa453ac2f0baed9faa4b64ffe4c4b4b3c951ce64cd09678ee7e0b055308dd5d15ea49ec9569ae19a53a093bf65ecfcbc18ed5c0b0b40bf0a11fa92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\css[1].css

Filesize
505B

MD5
11dac9147633e64f5e3bdddfeb403bee

SHA1
78b4a0c02e3dd8886c8214b1e2f15e36f9ae24a9

SHA256
304b416fbeff097f3d1c12c6428a968b00291b0f05939e1dbb6ea9c569bf6960

SHA512
57c4aaf4acded211eb67b818abb13e618efa0f2afde5c828bf1e769538ee5ce533ec773f1c792b099bc5194ae0321e5d3ddcdd3412d96c5bddf928b24ec5cfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\fa-solid-900[1].eot

Filesize
189KB

MD5
89e02bae13c9131c7468b1e729339ac1

SHA1
e13aaeda706af85d9382d7c39f5a3f79d612cd31

SHA256
6903de6f003f5a26d7d0c94a24f73179b2b50222676dcb396dbc8593ee3ed52b

SHA512
112de435b8832401337a480a1b81c7fd5fd137dc8cad317f05a6b254fe3f8073fef6baaffc4721f7ba4be9140d7ec95466fb75b7333baa168249c48555105042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\favicon[1].ico

Filesize
33KB

MD5
7bd00d61753f51d8c2d4a97d56cad1c8

SHA1
a2776d91735109826cc8fdd920dcf73dd34516aa

SHA256
34c2f3f223416d4465d064d618dc58d1ee3c77653b46c8151d5e2629d4cf31fe

SHA512
9b2b478dd955ef61cf8cc434558993df41c54605b92ee1a4127a29748468bd6c776408e88608206967093bb3f93abae8ff54485d573966febc6ba48e5ee66ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\angularjs-lates.min[1].js

Filesize
166KB

MD5
0a78de5d52ba86567e31cec4647ceaba

SHA1
0a7c62953e99339365549680464b790193b7c0e6

SHA256
62ea58f15192d36f0da760964a6d8859487a4e50703b8a18108bf5946209c00a

SHA512
1918984f04ec7e6aa7e3b4bde680010bf03eace4bdd6e300478291e8bf72607a466b6221fec6f552044e5c7801bb46a0e1cd46fd4c7af29f2f50f352b547d083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\f[1].txt

Filesize
43B

MD5
ad8b6f08655797587cdec719a94efe59

SHA1
182adf5a140796f81e930649d05654dbf22fd5b7

SHA256
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

SHA512
519a8ea7ce2ed8661cc72d58bc0c02e721ef8e64608f4d2e26a56a970d43ebbf21bdf579c543ee1dfd667da8f87467c60111a3e6d246d435a5c2d066ab88efa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\free-trial-pdf-flip-book[2].htm

Filesize
47KB

MD5
0f081ba160a0459ed874fe4f696fe89a

SHA1
c79423938b938bc6abed48d16b3c4fde5453d942

SHA256
39a1bebc624bd9f7791d1bb27875a50ed4f0c6593cc32eb28d5fcecf72c55b2d

SHA512
fbf11fcdeea3bd7f4868e97b8b3e9efb581fc8d0ac4208e7bd8db63ba56ec068506ebbca98ddc538b1a010947317ec4f987be78ef2747850b240bb0dc82fdf33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\mini-69bfe98eccbae016844441ca0d51e5dc[1].css

Filesize
212KB

MD5
2bb26961bda36ea102ace63fcc9fb371

SHA1
b2a7d8349d15fc9347a4bd99ce6a7d1592065ac7

SHA256
b4fe273a343843599c4ac41809c560c4cad0a735303754b49ebd1bb47423d80c

SHA512
013e3c2f392e55e0a4f46c7efd59d9e506817436941799bd48c6e9abcd414db3ced70ec30e1781518a59b8b3e04cb1e3c833bb0dccc9ad1e62914e2abd01d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\mini-a0183365de55bf4e02b5fea1e890dd6d[1].js

Filesize
164KB

MD5
8c7d861cab0a1c823b8583edc9b93fa6

SHA1
3b742c85948aece9f58cce2b419c85cd261f3fa6

SHA256
498d21a7ef9baa211aeca66bafcbe916be9298d7a141e5dcb180dcdc43e08730

SHA512
4f5d90822712bdfebc8cf6ad97fccd949a6b3806e28b77aa61d20cb4a9dc09b82c8d949721b56cd6003ba6f4eab1f32e540e4fd4d6a87908313c7eafa7a2ae28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\uc[1].js

Filesize
107KB

MD5
1b6db9a09a0525a273106c330843431c

SHA1
c0ab167aab1d305ffa45a550120f91c288671f89

SHA256
445a40338fb4c488b9b8432ec3014e6fda1e95370e87f33fdc527c06d04dbaa5

SHA512
f0e921f56a26f659706b7440d93c19226cab011901d04a9706da950eddebee5359ad1a7dfda801698fc263c64eac8d7fce68ed78921f7f48102eec5e5c04a8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\OpenSans_400_normal[1].woff

Filesize
19KB

MD5
ce659615885f33d928eb7fe276574106

SHA1
84f97fc997632d2fffb788cd07c92241f178a9a1

SHA256
819747b05df4938922997e60e199603ecb04f4d987331ba5c3f7db30a835c3bd

SHA512
938099e7ac8c58ee66fc954012f4ad3d5df29f2f886a001017bc07294a5cd01d8b40beda31881a16412234ac59d824f82cb0f7de7dd25fa8fac49a6054179734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\OpenSans_800_normal[1].woff

Filesize
18KB

MD5
c6aa0c4a601fb6ac66f8253fa594dff5

SHA1
35a06882e0df78a568fa526d384e3a55d368c81c

SHA256
03f832f4dc715772a6686ce7cbe953b2dd4d88236ccd4fc93a8b62b279d43ac5

SHA512
fe1df2543ec83048b873f2ce96dbab263c5f5fc71a4025c11b9550e3e8e21d72bfc3ab6c123fcffec13039d3c76c720293ba6967d1b1bcc1e0131703216c41a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\bc-v4.min[1].htm

Filesize
627B

MD5
3d08665fa4c7bcf9fa2dcbbc7efe1d0f

SHA1
ba57ecee011a4b99d4bb56707325c8e4d0fb8a2b

SHA256
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

SHA512
e86fc61d20680f6f486c61e3730aca4cdebee3ad0670c69ec177691ae979f81951dbd409f8cda648ab2ebed13c5a2bfb57174fb5167eecb15300b807fc7bbf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\fa-regular-400[1].eot

Filesize
33KB

MD5
3351f435b3c9037fd88aeb04dc1e43bc

SHA1
af1d634a307219795957412a586abaf626f4829b

SHA256
dcc69087fbb811d2f197f5484fe7a1d43d5c7ba64a964618bf1f66fe088c4595

SHA512
48f4d86aee9d5a80c80f50e57362eff1f96fe6d9e1240d7f7314c6c0dc40cba27b21a9baeb76405f063c38a533535533341b55f386e87e0f3b1f4c12d906a10c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\fbevents[1].js

Filesize
107KB

MD5
54e57a5d89650a4f49c2aa7c21ce0764

SHA1
5b3aad7e31321dadde5b15daa71a3ee3601de2a7

SHA256
64816ef42196992f1120608cafa36df8e03c81064551abb6f23bc00f69bf6727

SHA512
19599c61c568c2e86cd7ac5abbf10c7676657f066498cb3b4ca90cc7bbedfaeafef4e8b246c6102efa71d8ca848b61215b0b74aabf9b04c7b403fbfa836cd719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff

Filesize
161KB

MD5
3e1afe59fa075c9e04c436606b77f640

SHA1
e4bb7c1e40d3febee58df963db276b2bf68c117b

SHA256
fd84f88b497040d4f7d5e8c9f8635aef8d3e706c0fa52e2b6facf14eee87e522

SHA512
d60da32bdc3542b7c6fcf766659d982fd66816705d6f8fa11785410e507dcaef6b319b19e58528a967a4b705058d9c9b1c5f8f41cf33da6f7957b8c6604cffac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\matomo[1].js

Filesize
198KB

MD5
ac6976c577d35263e75c996234e0088a

SHA1
6559f0e4378c12c5580ec8a6c450b860424efc98

SHA256
bb80085ad0a71622611dc510c46bd86edd53d05a653fc6d3f1c07c5bc21263fc

SHA512
b2f90c18ef4ae0496336abc89d748d4eddd1c5126dd9c239b37282a021b0176fb317469756692b6a57111e774b95728097b11c1c7a9f5d6fe2aabc45dbcee61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\mini-5cb1c85da37f91aa5344461c3cd687fa[1].js

Filesize
189KB

MD5
e393dca30e7dccb67a766f830f750df0

SHA1
d54acd9b5c80364b9618bc9f09cc47e83cc909b6

SHA256
0cfcd1637e94ddea058ff23f07bc8f765342ae60c7d2c0726f69cca20778d4e5

SHA512
f79979c1cd1fd7b2e548b93c42bae30d9f359f69c0ba260dd50810c26c5085ae29bb418b6dc471c2a26a13d465711ebe61f60bc4376795ad7ac85e5632e44848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\state[1].js

Filesize
30B

MD5
8fabfd3bb9b067b11ad664181b30fa66

SHA1
0f93d4d0300c0c736a8c18dbd91eccdb4dbebd4b

SHA256
b97bab9bf4fca8d386ef5fc83cd58b492f2132e2d28053ade2f212a8b151b0c4

SHA512
d5dfc67915a2ed567667fcf04bc807a3771f4938198cc7297fe9e37b5550ab57b7386017a6e9a6da56db68ce92b2876be2514525b6e0b8c94da53f4eb5847585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\Montserrat_700_normal[1].woff

Filesize
18KB

MD5
81826529772e52f0f14a4c73c2f2c7f1

SHA1
dd7c8f645e1ca6b0df410afdb2128696ae119ea3

SHA256
713bad35e12182d091cff60cd893719d62b814b836efe3c3b0451020da5c1471

SHA512
45feb11f86ac5f80a9cc6635876e6bb150eaed4dde05331aa8595a22a1217415e2baaf39b43819d10717f88a6ecdce3aa622faf7ea887c78a506b6288f06193a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\OpenSans_700_normal[1].woff

Filesize
20KB

MD5
72862e7cf19603ad24f26baf86dd0e08

SHA1
4bd3f3f26f7a8eb357a09da8636390a28a21f826

SHA256
16c11e59500457a4d210e5584e57cdce82015483c1199119b562120e6510a67a

SHA512
f05c3a1a044aa0df728bb56496f8e7388c3f5c4755018c0f9b380afd9fbff581d280ab0d1c1688d98ba125f213c4876eef631b876ee529ef3b5076e511676d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\all[1].css

Filesize
55KB

MD5
2a0e11a7655cf7af50d9152727c134ef

SHA1
136e6626dc83d228b50416249fe05864ab065e40

SHA256
9a680b90260b5106d79f4075491ab31daafa7429eff686453c40b58357309649

SHA512
f41c0b015aaab7aa05757a213cbb8d1f1871dfa0558f9b864869a2ce4986920977b8c4a035a94a73fb26ba6f86254fd34cfd23cb4fabbb00b7c4d024dc5ef9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\app[1].js

Filesize
117KB

MD5
afb64750d9c110c9c5ce755f0f8882ef

SHA1
46f901b1ec55df1adae22ecb6a12c3a69f006f48

SHA256
193da2aab16305057b44507850410f3964ae8a1e5dd17c840bbbac3e419b7cc6

SHA512
d84ab532ee7d8fa2ae5ce26a1d55a4dbee8b1ba79fb84102233980de745872fce33dff4b5d9855497f4baf4d3987e606a62616408e5214c7c0adeb9049a9c667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\fa-brands-400[1].eot

Filesize
129KB

MD5
57dcda6f368ea90179f75cbdae96c263

SHA1
e6feaa7a93ad42acb348529c9a684a0cf5cbf2ee

SHA256
c51993624f2dcdaf8d7b91221e59f86e2befda0df3d13911c0c80467f3bd293c

SHA512
a5d67698788e16c60f80a17af366f52896db2784861247c4fd653f029d0d53e029ed024ea7e4cb0348b90221dabda4a7cf3b637d91687ecdc60c142fde685c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\gtm[1].js

Filesize
220KB

MD5
fc3e620e5c683e6a5e44ecc96ecf98c8

SHA1
c95dd4c7647c3600ad2f828bd29f7fd2819b18ce

SHA256
f35f35145709909b75f44a4312642b0b1ed82b0a055f2b6b62e4870bf7b14ee1

SHA512
8d8111e9f275782d78d0bf95d0916dccddcc0baffa558f92b85ecf9a1485f15aef009a10d49d559664ed3d3ee78573b01dffa94e2103fc29697d0adcefabd70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\iframe_api[1].js

Filesize
1KB

MD5
2222be823415215a34269e687e3508cf

SHA1
4c106e9b3aadb375fe45079b9384349bc9e901fd

SHA256
45a58a31401b8ad37166629c0595966c3612fcc795266378c1ebaf1ff6982d01

SHA512
9303fceb2513eaee085da375c383be8e65772cf810e1251fc068d65ad9eaf1a86f7828270f41a0fd107eefacdef0601800ef9dbcd5b80a7b01b46eb1b4dfbb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\insight.min[1].js

Filesize
13KB

MD5
b846c9d158853dd4aa95d3d7407ed8bb

SHA1
2cf0eb02a22e8bd80d19a50a84593420d777d5db

SHA256
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

SHA512
62e95eed5842d2c4e263b3cd0668af061fd14309db168837bc17d11666d900dd029913b4d774134508e91a6b337a4f28e820da19dccc125262f205596793dbdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\matomo[1].gif

Filesize
43B

MD5
df3e567d6f16d040326c7a0ea29a4f41

SHA1
ea7df583983133b62712b5e73bffbcd45cc53736

SHA256
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

SHA512
b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\widget[1].js

Filesize
43KB

MD5
5ba33f379a2674de9ffc1cb27f39d7d6

SHA1
4d91f8067328cdee9175fc46d846056e1855fa3c

SHA256
f410a3f7fd756255808c81acc7244e4682a90f15e941a1eba37065aa6cf7abd7

SHA512
18d50111d9f79bc7b3490ad23d4288690a10945e6526f4b8ff2316b309f2f6d6827186e6ef800bf2eb133331396e730fa7c7e1ba690ba391b353a4dfed6faa20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\www-widgetapi[1].js

Filesize
196KB

MD5
acb94488bd5075d3b888cc552a681db8

SHA1
c55ba074f4e40c5e48898c56dc82cb2e45cf2610

SHA256
c73c62a197d10f93d2d8663b63d56760220a60c7a1d1fe38f847742e2da06b1a

SHA512
61bf30c92dea0b3542c8278edd1408a3d2630cd7bfcf381d80dc6d50e0fb2eb44e3f48b006819800f7fde447f200597e22f53badf3e6f4433fd06508e691318a

Download Submit