Analysis Overview
SHA256
392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238
Threat Level: Known bad
The file 392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238.bin was found to be: Known bad.
Malicious Activity Summary
Ginp
Makes use of the framework's Accessibility service.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Requests dangerous framework permissions
Acquires the wake lock.
Loads dropped Dex/Jar
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-08-07 20:26
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral32
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\chmod.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
142s
Max time network
157s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cdf18e6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c46000000000200000000001066000000010000200000003337ac17cab7fe99fe2bdd385ca3313ae9556be90e7a2d90a74a0638b1dac828000000000e800000000200002000000015072ca9c6188ebfa9c197f3b5e005f05b69d0435f25602c52b056ae77c7160e2000000054e5bfd1f06e0f91af569d3543b5db9983ad857a8f4f7738cba97f57bee6dd10400000004dce9eafd2cd9c765032f167431b6024738087b06d1c9e9b8f44f10dd55554ac96f2ba74554884226a9ba0085822a09ad77328ce35c67d348bff89dc291d941b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b075e38e6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000c3cc9ff8271ebde7fbd5abf5705a6e27f8bab6316bf52b222806c6d1f2a77d88000000000e800000000200002000000074f5b8cc5053c0b883acd04ff8185c7c1aa228e2c0855c95ee25cb9dd78b467a2000000040b3e105194bc771ae9759c239e72f28322fd7dd624400da859811079b2c8aea40000000af1e8ab4a829e25f348f7d6c5af1552c367ca74e0d8e27d1d911baafad37b123cc85e53ad26201ad1f4947fbafb106893ac8af335b8bf1774a9e66a1be3c8c02 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357900599" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2367901046" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204976" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357900599" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7D4E1A9-3560-11EE-B651-52929AE94110} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4148 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4148 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4148 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4148 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.1.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e7e93f2126e4a2ff494ebb8cc3f1849 |
| SHA1 | ebf3f3a0c44aa3fce72a034ad73b2b75d03c3f8d |
| SHA256 | 729cd0fbaa261cb2a586c0260bdb2233a25cb5e00431e4b3286317201ff97f07 |
| SHA512 | 2d19886463098e7c80e386547e5a7ce89c7e9e57240412d318e373dc57c4c938b3208066dcdeee24c0e9d6590eeeb0efd0ed9b6f5a6a01e8a7a77ef10686623f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e36f3cef7a2ffe20695635dfa71228f |
| SHA1 | 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f |
| SHA256 | d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6 |
| SHA512 | 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5XLATO3O\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral11
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
141s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
141s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
android-x86-arm-20230621-en
Max time kernel
3518004s
Max time network
159s
Command Line
Signatures
Ginp
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
unknown.decline.return
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| NL | 216.58.214.2:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | gunfirebob.top | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | jackblack.cc | udp |
Files
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | 399ad44f3cc66c9f1d473882d75db038 |
| SHA1 | 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82 |
| SHA256 | 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6 |
| SHA512 | 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7 |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | 2105cf8d537e5de99c22a23ded4185da |
| SHA1 | 3673db2b67eb498eddbcea80ee150acc9c2d99cc |
| SHA256 | e2f1a5ec84e2344a3ac5015733acc963bd3125e5a4175615d2a02a595b4570a7 |
| SHA512 | 5ff2c275fae1ffdc296a088ff910104a7794008965abef8860edb6ac2454a1654caa0434591ee34a459e7908888b3028c9b5581fabab2c3efbdab09b63cc2796 |
/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/unknown.decline.return/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/unknown.decline.return/app_webview/metrics_guid
| MD5 | 39f264473882a106edc98413def8b9d8 |
| SHA1 | 245fbc605af121e08d5c2bdbe1a09169a4da9e9e |
| SHA256 | 56c0679314573dbb3e23cc3668a1ed8fa4264c56460ce01969bb9e1e919d54e3 |
| SHA512 | 21fa6b92aa3dfc42c98e0098fff8aef87d889a0df5315ad985456518f50561c480f9b11d1fa4c38b0eb92a1ec5530ea26ffae295569c3e4a71705a9eb8c02b6c |
/data/user/0/unknown.decline.return/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/unknown.decline.return/app_webview/Web Data-journal
| MD5 | 1c4825ac976a1bd66a9d69effa7bc530 |
| SHA1 | 748f6ee460ef3c477cde1e2dd5ef6f6c975ee51d |
| SHA256 | 346a4bdb079dcf4e3c69cab7e28b31410b65525033f9d7d3ec883f9d5363838a |
| SHA512 | a569763bbbae1342816d475e5d0d155706c00e7a4098b9a042607dacc7b30c6602f751510a82fb3aeb0e48ef6546a93c1ba87a937096d3bbb99a0d8092e5ed2f |
/data/user/0/unknown.decline.return/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/unknown.decline.return/app_webview/GPUCache/index-dir/temp-index
| MD5 | 0548161fd9ee9fba28d05546a51989bb |
| SHA1 | 527ef83d75e06958cc0363674144c088fab9f40a |
| SHA256 | 00fda1b385235039a92b0b72d7295284c8ef849b906fe28cf95c4833a55edda5 |
| SHA512 | d47bcad260d3c3ab516c252af91d45355d5225ebce7203aa64066df1e5ac12fc5ddbff6e464d268b8ff5d949a3ff32de46cc989c54e65f2ea619e013950b84f9 |
/data/user/0/unknown.decline.return/app_webview/GPUCache/index-dir/temp-index
| MD5 | c4bc9796d6db5d3517cb671cdc59143f |
| SHA1 | f2a294b909296512c3a2fa74fb0c13a2d094eb5a |
| SHA256 | 6f28c187544453606fa1998a8d643163931ea6de2c39d1cbde1567c703115d1f |
| SHA512 | b95fbf8af0fa21272759faf1b7bf67da8d0e1882811546ace35f6d00e95ba278ac45db06adcda584eaa6ce5a0744b566b8735be79ba55019a8634a0c1357f035 |
Analysis: behavioral6
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
134s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000e8664bdb653864eb3b20ffc0ad3b02100000000020000000000106600000001000020000000601ecb4da387228b0509641be214cc2b268d0ccec1a59a5a7cf584820aae5533000000000e8000000002000020000000ed1d822b72a3fc56dc368d9c02cd726c6af6ad1bf06e8fef4d1eb60b47caf7b620000000c2b70252c4808e1eb9f5c8aeb6bb10b255c56f06c0167249b099b6cafd3b8a5b400000000b1bf009f4e7e1572317d78c3c85edd50afb39dade53c0eb114a52a03e0be8983d11926a8800db225a0016deb24b367d9e736e725a2843a96f42d3fc58aa3b5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6FAE2E1-3560-11EE-93A6-FA28F6AD3DBC} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e3d78b6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000e8664bdb653864eb3b20ffc0ad3b021000000000200000000001066000000010000200000008ce3fb58d2985cd7f5c4f60ab4df23736387927b5e185ab4eda1527a665dbc5e000000000e80000000020000200000002522bbf432c19c3c543c817bea4338df6ccf3ad17bae2a2955eb2aa2b1237d6590000000643d8a7ae8e6418d6d81ef2225f1551d4e62020e5db325b9e746863c6fb347c641d47c5a9379adef7af324ce3b94ef81d49b9b31614620503ad5beef38d920502e95c9190494a44e8f6a35e74b2ca9a9376d66539ed47ec10bdef9b7b4ffe431a7af16de6e7f336d0baa93eb280460049ed5828a19e6ff21e538ef78015ee2fab0e39d913ed090302b9da5e6ee520fce40000000e03761dda390720a23415a0bdbea00693e0eac13d85d7ade7feb23f13c8b1eeaf18f3f4542158133b8d0e289d0b7d419dbbd12cb872ee8bbb64aac5b5d5445b8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 764 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 764 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 764 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 764 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA48C.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\TarA6D0.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f01c8731f57a1759c47d9addcab299f |
| SHA1 | 96ad07f783b677ad85eaf8a804760874c1262998 |
| SHA256 | dd0a6ac316c20a0a9b1b9a8052e7ee0f7159ab37b2c3cd9a5f58ed1fdeeacbb9 |
| SHA512 | 96d6ffa157ac4dcce2bbf350b1617011800faf07725710be34c307676aa990adb95362eabb59fb260bf1095ce445935ea65203891e9fe83a0abb44390d94983a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3627a7d267b357b376da05f99864b29c |
| SHA1 | 8f8bd3df1b361c1c09f8847bcd251fa45275c5f7 |
| SHA256 | 155ad802f732f86a20a83fab7ac935b60210b460fc84f9574c6c0160ace8bd31 |
| SHA512 | 6b2978ad4789cf0aae478e61c6f033b546016195eadd48f9c18f2f6de422b15de3278afdf5ac282f84cf203b7a77ed676530bf113f60e23744eccc590428a640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e81c2c8458cce2b01d81e9e118f4e6b |
| SHA1 | 69fea05dd60c6a1f3f033265839ab706414fdb4b |
| SHA256 | af3fa823d5f96da2ca8bb40037e975f7deec956d82fcc77e4db028cc3b16143b |
| SHA512 | 76dc665a1ae1ce3b19ccf54c8754ab8d218e47b90ebff62bcfebf486c1ac3eb93857b9b75a0cbea3e2bb7500605fb62b2ffb06938fede3d540670828dae3c31e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 717f9e38e9e073c5da75e18af386f31e |
| SHA1 | 9bb503eb2d380985d8301b27f2fe845438236cd7 |
| SHA256 | ea404427d26b639b16c0e30d43e675149e3059dfe14a855512ab23e814e54f76 |
| SHA512 | 34b4043c9d85fbf63f78aaa1e36efbeaaf5f94fc331629e39d6906dcbb60fdef20fa50c49cd6b8aa1c8d0f810b253a25a97615a1cfdcd81e018ce0159724e1e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca91c44f672ffb489cfc75a476f1461c |
| SHA1 | 469409baa2a7090ab4adabcd13cd6c2d897bb356 |
| SHA256 | 2f4ef631f4481b104ff9324a53bd2712c969881f087a565cade98f8698c3bfc5 |
| SHA512 | bcdfa3e972b5bb567851a71bf54e5e59093bb78cb23c0b5e7a938252bd34c8918414fbf26ce941d3e447c084b792d6fd4f5a051eb8450fc756bc66d3b13c3cb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6002431837c6d4b141ba59b0c230ba84 |
| SHA1 | 400aeef575bc997813066db8bde8f379c8b21328 |
| SHA256 | 87999ca82b30f74a59689134b31704c36ca4b8c0d0591c1a9bafe321441dca26 |
| SHA512 | 138b38d74787c0856bced38118b6338afb90ed49227133af487f90c42747d1f0aa6052d2361fb157c11e95878ea0017709f553031231f2ae33bf24de45989e02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2721facef167835448bca7dcb8db1789 |
| SHA1 | 66dd3abe60fc4bffa39fcb4baef2c21472c936a2 |
| SHA256 | 4905a4c3a21b67a8535285a4727de2f0edca2c5bf7aa322524147af9f829e4d5 |
| SHA512 | 07f484a14c60c9f75e4dbed5419f0e2f9b362d2666013616acd2b81724324d43e3e5a7229ea54cac9a6049bf8f00d251459750f736c773f8a5d6522f404a15b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c550ee7a5fc9a49190e53a27bbf01a5a |
| SHA1 | d21ae87fa73f96da1a7d8e389728ca35b4c7b131 |
| SHA256 | a440cfc8539ffd51d87ebe0d9426f46a821c816d5f8f47d60a6f403044dec5fa |
| SHA512 | 10718ae13ed811f24a382de11dd162d99cc6b528513d545e4589279f21332546de113100a7ff10b24a9d382fd6610dcf43b8d26f9eba419d9990e7c468401cf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25e8f61180588e8da2c627dc3eb1befe |
| SHA1 | b9ffb9465ebbfe8cdc47231bd3323680a751888e |
| SHA256 | 79c04efa70c714b064b562a355bcf170fc67952696b163aab004aa29db68b105 |
| SHA512 | 38122a876c7594ec16eda2ce8c73c6628235cc4d15343dcccf2e2630f7a3ec15269e1b4f80874d9542500dde1dde838b2a818bbe2a1d71ceba02c36fcccaf399 |
Analysis: behavioral8
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
136s
Max time network
138s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10673" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B825F561-3560-11EE-9996-66AFBA4EB959} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601870" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10673" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd82794000000000200000000001066000000010000200000000271cb07e332f43776d2644ddb394391d06dfa5574ce0a76559cc7ce9500d2ca000000000e8000000002000020000000eb41a2cf1b19a02e859d17e247ea45055d85c88865ca83c43190a96b2fbcc59c90000000f81752abf333fd503d8d5da9f7ed2d45a3087f3e56531c8c43a7ca3f154d20538cbee29832ffc04117b6882fe814057f0a86eae48867bedcf41dea5dde31ec18fafa0f24ad0bd359915006d51cbb2ba0027926fc0d2c101a98b15a368703ecc08890b9861186b6554b7ade573ecbf9d513e7aa137b2b612e8adc8d294c7323cc38ebc9fca0490703d66d93b8881e69e7400000007840d176dc8c7955445454b586b384f3dcf72430329686ae564a8b9b64f61900a2ef6aba238257cdf955b91469f2e287b744afc03c77b1d9fa081d493d24f65f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10673" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a713926dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000a8f1fe506607f7406af6ce44d3367f9b1fa387706735aa7f83ffa7de7b5be891000000000e8000000002000020000000ebc6dec450af87dff340c71d0b546ead1faf59dbed126f544304333a409bd472200000000c355bad8ef9b23475c94a84cc32ecc3cdba753943b94859e97be2630607792e40000000063ab9baf1f378ba8ab1d71667a7eec2082fd2e1e94830969fe64731b91e731c09f250166d46cc8a69195b185b5b9f5e527128cc478453eaef2aea909cf94c79 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2476 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2476 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2476 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2476 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | ef17c0d2cfa9c240d1defe6248e48048 |
| SHA1 | 42f885b48804f6b8844c3d842701e377711e3e7c |
| SHA256 | ee460a8f85d97e83fe3a7c0e23fcd0abb307fe048f4c2dcbbb41a0fd450e871b |
| SHA512 | d75ed0ced66c2d9aa1ec08691a1a697308206cb5ba4451ccd7d9e381f748e4f1e5399a14e1e3d6acf02ac13e0f1cc0b7abe965d35df07576748a78514b3ff457 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | 3a8064e9edee49ae0a0176cb1dae2209 |
| SHA1 | eb8675f094a89bcb08c205b5ea233a23f2e2a806 |
| SHA256 | 248ca981ba6458306aac383b20b206a140976e4a677e3437e53fda174a41ab45 |
| SHA512 | 2dfc015a30fd01ec74f5ba5d13978b47b5d65eb08d4fa9005c8e2d130071f9070e163e31521d2c1c149e05c8e0eecee895f3a0e088654124dfeecbf40185479e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | 992ed6941ad2ca72c7e3346d6c78fa59 |
| SHA1 | 644456928c6181bc5dd21a9fffc59a75a5bea197 |
| SHA256 | 2ffcb291d0970c2b854362ac8a1cbc23c97d41c257bab85dc03ebc6b9c5d1249 |
| SHA512 | 2c301150b8f10419da8c59b256154c06ff6a685b4ce84c133e1f40429d534189007bbfcb761fc7b0805524137c7f68ff774fb8fae94c9cd35195dc09ddfe352c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | a32f8f21d012c4a426adf8c3c933ed41 |
| SHA1 | e2ba328349357d24ec36bbef6879b45a9851d375 |
| SHA256 | 75056b4721338819994f01f0a130b8a01ba0c835620da3681c42a486977aa493 |
| SHA512 | 7027a09c875043ca3b61df7a4262407869b2755eed91f7aad12692ae7fc3f36138b81c6ff8e01bb59f4d043f227dfbc9bb0baf2ade7eb27649acc0df752208e4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | 63d47cbc084e0f497808c673e0e86a66 |
| SHA1 | 1cf2593792ca16bb4fd010c87e021a3644f6f264 |
| SHA256 | 0f504cf05288e7652c10d631764f375c6a94d3a47568b55afe049e6d23c6e877 |
| SHA512 | 353fe5ce7b6ef4256c9470335a7e9296ff4553679d5adebd2580955547c994d8dfe7428865fdeba95e46ca33c7d3a040c3199feef13de665df26512375cc7e7a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml
| MD5 | 82b7edc67ebeca3b96fa5278df47ee77 |
| SHA1 | e19b5676a15e8498d610866a6bb0b63babbde4e6 |
| SHA256 | 7081d3b7bd06c35eed2f52fafce7a02bed23b5e35901832bca78e4587c5fc21c |
| SHA512 | 315d326e4019971584e5cc43fa250287fddb9007bfae78de73c32d8b1606dc543c5f5950b57b6e14f3192a725b51785eb702cf373e040c4b1a939ac945be5194 |
C:\Users\Admin\AppData\Local\Temp\CabF01.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\TarF02.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d3f2a13b9f1d9df4d506bf8267ac444 |
| SHA1 | 6e5330e2d8a78de3bee49f9435c036bffaf4832d |
| SHA256 | 44eb3b75c9c3de7bdc6c546394589544f67b73c93c198ff1459ebe1749dc9c86 |
| SHA512 | 32f17cb209d4eee6168eebfb538563a9d32c26c575b62e6154c32e1d9dc70471918036e17d9dd554e6cd216f4d9e02102f0d1309f25f55b0487dbd9e86cc4387 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79f9e16cdd1f2bb68f691bbc0b14a5e1 |
| SHA1 | 4c3b4227f3e30a55e16e9c0da3d47e89a2199aac |
| SHA256 | bd6c004c8ffbbba6f89afcae5b42935835251ca332457eb05fbc35e5b9672c99 |
| SHA512 | 7a08a2dae454fb0fb8c90b30aad90cc42452f3f77b940915fab1498bdfa0157eb7ed4481aaa4cdf0142ed9f45ed2e029e426d3053f72bea2d35b286ffc7589fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bfb08aea45eccaec2bbdaef54d2987f |
| SHA1 | f46850d417e5489064b508d7f278b2cadd47d0b9 |
| SHA256 | a6cf0d4a0fe8fab023c173ed1f2f20862110f2ed3dc434aa08ff865464158ce7 |
| SHA512 | 81026f32a4142c8912bc6c99d20051e50d401c904156666f4dd67ed9e9cef25b6424c0268098d64ef65d8f2f37b533065d564c392a4ec0dc9ad8792fd88cacaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be332568e67f526fbd69e206a12e131b |
| SHA1 | 5653465ab21599e2e87c2aa36badd60697b50e8e |
| SHA256 | 44b395f656b3922c0b8502c492c38c146c19bed2d62d2f013d3d7e90d9cf8c50 |
| SHA512 | 81b43b6c95dda719039594e34b96f6f5fef1bbb684dbb0c52842f0bb55f0647dc9251f968c5fac33c88f52b9eacf1625f9c70a12b4c6267e444d680e72ac0976 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a9d48830f089881381db774762b16e1 |
| SHA1 | e6714854337b1d67a974189fee18a5da0bf7b4c8 |
| SHA256 | 2e20ae0ff77197b5c333be04a3e1c95039365646e0baff639bc53c9e7110f3c6 |
| SHA512 | 67fbd6d41c5566ab227cd5b164c0c8e288bb23466aa4f531f319a8d98d010d88b2e3c3a9c7fa50935cfabbc977091cff1b03a537b8ba61ee059ec6ef81aa1ad4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6862b637a3ad2889ca99f2e76991142f |
| SHA1 | 4ad0a58d9c3d5e14fd323d5d6483f2a4640ba6c7 |
| SHA256 | 2c3e99d773686ea40c8d1ccfe51b012d5c0a20c52ac693b6fe86640023c56b8c |
| SHA512 | 99455f7c64976df13fa30faca98cdf8432e5443f2183a3990e0b0f2ebe49b843c87f3fb2a2b59b4d6c002f0d548c36cb7ed952839045ce4e4c96e04e0c986ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d393c851f4aed5d9d33a1309eb36c5a4 |
| SHA1 | 5ab967ca96a280639409bb66780a69274c1a8133 |
| SHA256 | 2ebf47fac96e47c1cb3b5a3113d28bc649e17f250c637ebe7e7b9b3dfe6c5e8b |
| SHA512 | 1f9b7cab6575dbddc112af3f80a0e26a0cfa7d3edb0dde17013055353cb95751f589eafa5d1a2aebb30766b1b28d19a6ca52b4f1fd8d58a79f4c8fb80f249874 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19f61ed2f51d066b7bce5eae8f2720a5 |
| SHA1 | eb146fcfa1937b610ea08ffb598892349f795024 |
| SHA256 | 64904cc224f469636adbb31b4c474e651c2b979d1ac69246fbd4bc59a3ba3501 |
| SHA512 | 8b31e635ef71da34102dc9fc772c754e85fbe768f42c5626893bbd6ef38a6183fa20335ecc92182316125d78bcc9214601f66560da2c5a51270b024945899090 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b3bd6c45460163a195ffcf357c47a35 |
| SHA1 | 92066d15981268c91434bec7935e6f0ee35d4ead |
| SHA256 | 6313c2f7df266286cb5cdeff4a5d28f6de7efafd879efdd570f5b7e67abdc1e5 |
| SHA512 | 6da143abc878b27198ff039bcce9e816d1627ae57309aa9c194397ffac1ed157f413201d0f4c5386e40b60b9fc438915be43e19f969843c9fb8c9243e980f01b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbc39c5ffd26943df9004a6206f7ae45 |
| SHA1 | 57d9b6beb9c982949c6c19505817c32a4bb6da0f |
| SHA256 | f2bb5487c7d426f63c500b06c5242fca456090884559737b3205930fa550cdc6 |
| SHA512 | 06c223336b292ed973944622b64418b46bf821233cb945301ba375837712336e01bde315c3ea27c8eadf03d2ee289c2833956c03da9a83f85a8ef82edc59b35b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2cbf4990e7c2ebe9ddb8720d453368f |
| SHA1 | 651eb546e38e662558c1bba6947e30627d505b74 |
| SHA256 | f63fac622c453ddd689030bb50a65585ba8fc78fb2384de7e1309a51064e90ca |
| SHA512 | a138e2ca5156946fc6ff8e90a33f49998f739e0bae8f68d455977eb8f417d68aff561b92800022a046e3111b06e77a82d89b89f886775f16dfac08253ec21dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 522e970deb3db0f033ec0f8745f6aed2 |
| SHA1 | cf2058329dbf9cce25ad99a2fc5a12ed28e685d9 |
| SHA256 | c50152164100c5a47c83c7f9ae7f3ba1dffe5f2a1918efb2354ea701f0e9c529 |
| SHA512 | 438d1a0c887192040069330ae304bad6fbb6e440cc8eb87e428f6d24f26aee379546d5f624f8804ef46f563d7b1101d031acaa81cc2738951aee0aba028208b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c297951a00cffa60442d8bd16d0a5821 |
| SHA1 | 385671feb06c98bd23c88670df821a4e20b3cdea |
| SHA256 | 51896f112c229a60add4f92b051087c2f5bfdb7032db90a7f1985be8f4ba411a |
| SHA512 | 52ffd8f62d30f231c3c0308d971feb5dae9d4fd410775429a72d04df3e06e072930d84943a513205668baac6304a875186035414e26f9a71faa06017ffa6ae75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2cae9bd79c4aa022f3522a484926325 |
| SHA1 | 76f1b670a3b0bcdaa463574a15874962fcf4f0da |
| SHA256 | d6a36ad0c5d0ea0632811cc0c09c2e750dca2529325b2a4e80fff3133367efcd |
| SHA512 | 43d8721ee5def639d3b00aefb6132fd2fb0fbd00d9ef3780f623d30da38a1c204a7fff7b46461775f3f0eb2c69718b23f8c4c6898568cc5e99dc79213c3c3a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8ec656a7f777fb74deb160b18f86939 |
| SHA1 | a78687aa1828ec53f74e1c681124d3920216a397 |
| SHA256 | 5e6a1ca942181d2411ca9953b937d7bab3404ac84f215c5a43b0066358a42ac3 |
| SHA512 | 739545e61019da739ba5e1e047885d374ea81fcf828ed7304badee40d0820ac201528723fc05261920c12cba05bafc6bd08025651d34b22dfc7fe4c1fda5a3ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 254d0a94a7aad86141d69f81a9b36e6b |
| SHA1 | e1e36ddc1e8b8589db1e9f76c6e729040a5d930d |
| SHA256 | 6fbefd884ef6c2c90dfbf671db264c4f6eeba2d7282ea6806af2e15b250bb4b1 |
| SHA512 | dec086392d7a485e111cece2b167dc39ef778f4727d7c7950312a29f6814aed942b32423b915157cfd259a8aa2666ebe735561554767c4a23354fd5935da9518 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1694963e355cc8d6e93f6c6d97155949 |
| SHA1 | 4c0215106af7caa02f42d0d623f60a408ccd8e30 |
| SHA256 | 424cceae9d5c708983a6f914f0344fcce1926f044d4a786d23c9de3e83e2b97b |
| SHA512 | 3d9a17b043b5e0fa218784aec921a7eb8402092372ca24aa66278f71c09289804feca3ae4db5dde56be992fd6adab13e926b66e31f681026b8b16ed4b786d188 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b7999c67d8ef9306c1fb5ecb98f8bb1 |
| SHA1 | 2358042e8e26ddfc466590b3b6bad0d7ad32bb55 |
| SHA256 | 9069b8a4296cf134c27982d49a72f8968cf7a44d600240b376b2d7e2a9a3e0c9 |
| SHA512 | ffbc02c12712521d41da5a659e79e8d7a48d5c3679be60dde24d3a8781816355f8506d4f10e55ee27594bd5ed2ee3cdec7971b9f006dfe5d8f50692016cf035b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a366b0930823cb011b01d67407da753e |
| SHA1 | 9841b35d0313ba29db2f547de7dc1a1cba09b70d |
| SHA256 | 711d489664f23710f4e6b19f6df3d40bf662ce2697600f3e0b7821b3f1e15f2d |
| SHA512 | 4243f07150b3775a44e92a3fb1fecd29399633a5c538cc94bcd15a21410bb92bb1cff8a4ab0c7be3c4841da28ecccc5068bf6b14e2527b0fd349fe5941985137 |
Analysis: behavioral24
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
140s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
140s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb00000000020000000000106600000001000020000000cba5fad5fff14c99ce5f6a8fbf50685ee52045fc14f780b0e2f0eec082dac92b000000000e80000000020000200000002927e4509b78c8f1456455c079580b5840c48c208552ba6107b3d9500fc07bb890000000368004d724b9cb1737db4453a1ca64caa1898056b54d2b3d065cf515e2d9e6318dfebce1a8ee671807cbaa397d5e6f506312112883bc8e7c380e2db5204c7b0666e67d5c0e14f8d3631defe008b038b7d8479c2e1726469ec4ef47f99238df53dee5d5289299472a3e08a739c736f466519311752de360cd16d2bca0f6c155270441719bb06517d764c9e738c38d7c9e4000000007ba1451fec51fb448c8319c699193bf439c87bca65877d4f509b85310c2cdda884d7180582c9aedcd1f927b7bfe7c202e645630c82d8e408624f86c4aed0564 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7CC1591-3560-11EE-9480-6A17F358A96E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb000000000200000000001066000000010000200000008db0d095b3a751d6bbafe58d4551896c6a841b561326f155f1120a2396c780ca000000000e8000000002000020000000932cd681b44145f80b3e32044d2e3b46ed21d6181c5f360e055e20545938548d20000000120ab16909770085afb0d5e3d3edb1a23b3614f9dba590268cd9c67e72f366ab40000000acf2f440730bec5a0cc110338c2077172cd9df8bedfc67fb7d1978f43e77b8edb00d7fd57c977a66b7fd66241f5391bfe3610f7dc8d04fef3bd54291b0c04c73 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601871" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8002c58c6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2588 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2588 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2588 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2588 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8E3D.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar8EAF.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bac6b0a83d31cf0ac3195ac0de3588b3 |
| SHA1 | 60cfbade67759c2a343512e2d79ca5c4a5b524f4 |
| SHA256 | a03f9140cf783971c2e9a642a901bdca670b65f32392f6d609905e882c5b6109 |
| SHA512 | 25739e1d557527969accafd1cd4dc8f683999dc5e87aecc66a04a46edfdea7ec2f7801a613c660619dcd8809b29525c6681b4c14d806a4c1e40a58c8f11644b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0ac93cd2b4b1af40e4531418359d2fb |
| SHA1 | 089ae684939c3090cfef44556d8ad893d9396ab5 |
| SHA256 | 399a8fcb804cea0f964243fb5c97f06f963dcbba7407e269ae221bc428489c42 |
| SHA512 | 1568a04ade7f539b6fca3f14e856eba06afff17191360eb79d3fff2c131874d9574b330711390274aeb92ce0d927280faa0386d3ec02f1a936b03665be5956bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb78a07bd0713faf9f1bdd955186e60d |
| SHA1 | 65b280629ddc986a44606fac98e3d4f8a4047e2c |
| SHA256 | 1e664d9c7f4975e787d62783b0920d2f32612f46f76a702f1b2283b1e16fdafe |
| SHA512 | 7038ac150e1020907174ae0fbebea6efb5f8cf5dc86ba54550ed1c7255a21563673b0b4b794b3bfaec8d18b493a7a1a8150ec5d7d9f4b13d51395d48c85245c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0d8cc2961e648ace7cf0dbf2adf0642 |
| SHA1 | b993d8f0d1b274ef95d7b32929e7f7198e41c536 |
| SHA256 | 55d62e58c3be7b2b3e2cb53d582a241a1698f6b042cd64e465e3ed37c5468fbb |
| SHA512 | f55dd8a57f14b72a866525906670eb38cab994c6debfc517ecd5d8e2328474f97478073a7a78085345da9a1426be55b80b8c114f41b9bd45c8aaf2f89a1524b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f08d07767c2a5c775193c58c3d2eab47 |
| SHA1 | 862af673ab6896ae468583af2435893364ac6884 |
| SHA256 | b1e1e3e2f7487dacda0e463aca3c2a30d0be71efbdd115d37220bf49887d8afd |
| SHA512 | e4dc52cb0a0cd51b3603e0d5076e43c140975c4cd3281e814b92bf11576d107d5e3b354de99008aef5f92f916112e95f0e489c7022627a370f0a8c8fa0af6d01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d9c9ce96a29bb2e6b568941659b85b6 |
| SHA1 | 58dfd08e3b2a03706b6b891fea8fb75e46d3e08f |
| SHA256 | f43faeddc3d3c3b2d35b08bbe7dcc7d918a1f14a905bdad92f56500577dd908a |
| SHA512 | d771ee80ddde24e8bb965f66bb26cd7757edff0582758fbd8f518fe11382ec264ac5b790d1a1a387d96e7d1c4a4a0dda87058c358e40e6cfc4145d0cd02541bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5259dcf28cf41af1ccdf8be24400ee49 |
| SHA1 | cafee9f29c6d09cb870161b69866d749e7fa614a |
| SHA256 | 30c1793320bb76778df05b92f4503c430ebe607981246480371562e50a95256a |
| SHA512 | 8197dbee911a755bb428833538847565f06e6fa2099fcb18f45183e71505d3084256ffa729cbd9838294a45473c52a37fbfb2a28e078a869f9a0bc3235b106ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5ae11262687c4c719259b35ca195c59 |
| SHA1 | d7854f88708dcda5357a650b941efa4a3f232b92 |
| SHA256 | a87579bf704ed278c26f5c715ee55928f83e41474a1516ed9ef79212016872fe |
| SHA512 | e2307faf72463f9582b9f23550128b373bec32fd6f562a2865532f4007e7cad949b4832adf4e9789c58156539a5ac7a1e69255d61393233f2838d14dd91f78e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc469aa4dd214b33e5b11b0740ff8312 |
| SHA1 | 63593b836b7dd60c9c87d6e9dbd4cdfbd96a035e |
| SHA256 | 0b306ba03f924281963dcfe2fa0a198586e78a51c25e1c318fde23bf923c6244 |
| SHA512 | c2bda824bd8e794ea0e820a22c5e43979915862ad6d08cacab19bb641627d092f19de87d91068df2a2ee4c6972b75b7d755f7fd515009572da5ea8be40679520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe3db67297cffac9bc0f1ef130ce23fa |
| SHA1 | 8cb784f6c3e9e7e4553752796fb124c71dd6815c |
| SHA256 | ca86841474b4442aa7d2d3603e9b0396941a3ff8824015f56d09e7c5c5992554 |
| SHA512 | 64cfab28c68191f88034e7a5f3c0fdbb41bcbbafdcc2af04f9b9b8fe733b305504d79d519c1167cbe22399b69e07874e89ad753c53631c18540b3d3f241304bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b177630cf21d5df91f070fb012738059 |
| SHA1 | 3ff67138443d27e8c555012aef9826d36e8dcb07 |
| SHA256 | 57142aaa1a4be2814ed294b35ad2a78f21871dcadb8eab9cec20d04ac8aeab9d |
| SHA512 | b7fb9449ad3c715184b0d26f48d63f3e6a3d01cf4ea0c5f07db0838890bee39172e4a90e9f73b09b7a58ce73a2db2d06b0fbd2a197a5ffcda46d0593d795eaaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74aefc7e4082988636518f400de9949f |
| SHA1 | 7cac8af3ca60c82a37647a246f0ce2644f8cca57 |
| SHA256 | 34729b154b26d409a8f6e1e9c96ec0dfaf738f39cbf41724c985564783184b62 |
| SHA512 | 012c089f8ec6be9c5281c048c4cff0ae3d6375af8acd7e771485686803fd6d4029ce231cf66555b9037992346022aa168833a10bf0309a92a46ae56d1937b063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0a78d7aca6f6cb98e8fa3d6ecbdd5e9 |
| SHA1 | 04cc59abc5aeaa7dda8fae1d9d14338e02ca4581 |
| SHA256 | 2483b1e179ffae838e3c315cf07f0f0c9bc3600060e6a45e8ba19fe524d53d9d |
| SHA512 | 8f378afd49fce4665beb262af2bf1d9aa71f7818fc536d826ed61b8bb7a13c89b99376062894f7a57b5c0066fca3bfbfb19c8728f01e36631dcdcfed3d28e57b |
Analysis: behavioral17
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357787373" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204977" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7E9CA45-3560-11EE-B651-CA9BD619D26F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10023" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10023" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a060ce916dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000b08fa83ef998137168012f9ff166fc7a6004b9301eabdc579da8e65bd01a1ab2000000000e8000000002000020000000f3d4f9b69c6c48435f90a35011913949cd524cca49614338d2017a01ba1f7a5b200000001918d6d2bf97e9f2dc26cd253088dbdeb4a09eb2a1ec3a9b416136b27d4bdbb440000000ea83dab99d2ba018e9035997e337125b6d23f3c8471d9c1c848d88558f7b61f32161896b41ec21935c2df5730c1a1705a54ade431e577b7e1f92f35f0ef3b12a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357787373" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10023" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2370445272" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c46000000000200000000001066000000010000200000001f90e6aac591d209225a7778c58d0dd891c0dfa7bca4336820e44eeeda4a876f000000000e800000000200002000000001bceb1fffc1a38916f2dadf31f75eea29dc1a5904e4919880ec4f588ade4efb200000007c03465968b12c5eabc583220667cd09af2d9e5928456b18428ee6e9fdc4e0f3400000009bce7d84d00433c911ed3fab65f4c10fdb0c10ee24ac0be0db6dc7aed4f1045fae3589e03e06e6a0af636fc1323f5091eb5989373d6979c003f1aa7994e94322 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8047da916dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{736EB1C5-8E41-40EA-A085-2A13A39ECC58} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4492 wrote to memory of 3584 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4492 wrote to memory of 3584 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4492 wrote to memory of 3584 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4492 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | tcp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml
| MD5 | a8756d1cb2e8cd97161924bc5a185cb8 |
| SHA1 | c3b2db99128133e85ffda8d25a1998b49b305872 |
| SHA256 | adebfc8075131a0cd55afa7fd8d36f562a050a105c1c1a5018e59f45a67f5a7b |
| SHA512 | fc2e8e82dc695af27e2dfeacd92b30eecc1a4dd8aaa1958709a9644879814883258f658b343f5e23f850d333a168d7e9d1399d844ac314429ac1d5ce3196d716 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml
| MD5 | 2c902d228ccc45b7eb71ef7cd1015dd3 |
| SHA1 | 9c2192f27f61f6a9dd63a33874c89233397298a3 |
| SHA256 | 8378122ce8f0168cc9ed5f28b7233100b599d709ac8b612b815bd8cebf8229d6 |
| SHA512 | 8a1eb12257a11f342c5e68c3cbb3bdf16a852d35f05876e13c66c998ec8b2c66ccbd339b23bb65bf179185b9902d347cda0938ae2fbc37c61bd4c38f0d6dcc7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e36f3cef7a2ffe20695635dfa71228f |
| SHA1 | 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f |
| SHA256 | d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6 |
| SHA512 | 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | adb480d5b514ded0f564ea11a50b6394 |
| SHA1 | 7bb1c212267b243fa1c3e8fe6d4f85f5cee02dfc |
| SHA256 | 0412658328d7e5c54fb4bf364f8d9fa109c60ae828122d6f4d29ec6379d11f0e |
| SHA512 | 34aebd235cb83340b2098f99c5daa97a877e1b95c8f578dfabd8b749a7b69498b4c5f16c35f45071c4f08964503c65a18c3c06508aa9a7556d2250ec0ad9c255 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTAFXRHP\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral18
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
140s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.149.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
138s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
141s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.1.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
141s
Max time network
157s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80addb8e6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204978" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2352545921" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2352545921" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2385046094" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b00bcb8e6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000be727ff5ea5a34a96e3a7bd81a1ecccdc93a423b55ef062a5962b5dea849ccbc000000000e800000000200002000000083744d5d0143226375a275cc8ca760a31800da49c0667c9b5452fbc2790aae13200000006d7b8d791e1ef4533ed74b187ebd4900487cfe63ed0d42e0c20be2ab8c1188c140000000853ae8a3945a97928aed71e980ac5ee9247f109ac4dbbb82f3eb3f734e41fd483a1b43c0c5402f40a1d28f4c4b9dbd315f67c0284f501004abce13fecc592ed6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000a0fe85bf897f74ea4bef1a38ee452087a31756112513278f032d059061647cc5000000000e8000000002000020000000bf199148a348e18fd80ec2184ad3e6040069b30bf5059510a4825a4edf7f1f2e200000006d03644cb26322794492dda61ecdde924efd2d7ebaf623e18ab6bba76da81fde400000009fba3ed117b6c0ca83c8a0221f69157da958191b3ddb6c3be7477e0614b929476810f46d8e40b13f6f48e5739b2d386e2354a424b4d84cb6b1316da48e0d75c6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7A702BD-3560-11EE-84C0-4E773A6B0D09} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 984 wrote to memory of 4608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 984 wrote to memory of 4608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 984 wrote to memory of 4608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e36f3cef7a2ffe20695635dfa71228f |
| SHA1 | 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f |
| SHA256 | d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6 |
| SHA512 | 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | daf77965a64a28b2e0a550f5fb25fe01 |
| SHA1 | 4990a1dfaad8005413ebc5ede7227a03b66a20fe |
| SHA256 | 2882acf91aebc6c605449241135a02f03d013e5525447b2ed1c8786f8080906c |
| SHA512 | 97dd84e95ecd715c444292d21da6f6dca39dbd253501a4bdfb1a14638da6a2d55966e4442b1708adcca6df2599c5160944bc0112ef178f7ac01423afb820e6d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IEREYVXM\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:27
Platform
android-x64-20230621-en
Max time kernel
3517891s
Max time network
38s
Command Line
Signatures
Ginp
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
Processes
unknown.decline.return
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | gunfirebob.top | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | jackblack.cc | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.168:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.27.188:5228 | tcp |
Files
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | 399ad44f3cc66c9f1d473882d75db038 |
| SHA1 | 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82 |
| SHA256 | 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6 |
| SHA512 | 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7 |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
android-x64-arm64-20230621-en
Max time kernel
3518036s
Max time network
143s
Command Line
Signatures
Ginp
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
| N/A | /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Processes
unknown.decline.return
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 172.217.168.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | gunfirebob.top | udp |
| US | 1.1.1.1:53 | jackblack.cc | udp |
| US | 1.1.1.1:53 | jackblack.cc | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
Files
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | 399ad44f3cc66c9f1d473882d75db038 |
| SHA1 | 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82 |
| SHA256 | 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6 |
| SHA512 | 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7 |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json
| MD5 | f0141bbe2b96842a489d9a97d7377658 |
| SHA1 | e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb |
| SHA256 | 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce |
| SHA512 | 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d |
/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral7
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
91s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000083a427fa9b185aabce49ffc554cad447a0836bb96d00af98b8deed1c47f4501000000000e80000000020000200000004e766a00b15f7124c9437bf8127037f2948c751cf41c35800a0f4f7523be496220000000acbcbf8b48c5fb3fdbb65dbe8931bb85275802d28fe5cd0cb172bf6b1d72f5c34000000007a006a9c18c449489198dfd147fd21286481debddaacab109fd0d58c26ae814518ac16c2c871f89dea60badfd42a402132c7bc0acf7d455f4fc2bb273b48ce1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7558868-3560-11EE-B699-6A662EB9E81F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ec6e8f6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2375943858" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2347818649" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2347818649" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204977" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000be3957e3aff530d9bdf9d890e17b8830ada30e2e750c947699495ecd992caa7f000000000e80000000020000200000002e265f392c16f94a3dc2c5a4cd6e284e915bfd76a9f43ecb92c4097690821b1120000000897a9fd45ebd0871b64e03bda1ca23111caa39330deabdad4b08964800b02e5340000000616ee772a0522e0fa26fb8ca6f51f3850b53e48ef3f69643bc643c248c64b6ea4e1b1f56df475603a5809cdd1e4643605c0d90e538185a13ed115e2859271520 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f8568f6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1284 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1284 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1284 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.1.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 7d5714975d3d2a763bc7e00dc1be4e38 |
| SHA1 | af9143938151299c081187999afd868c6c478866 |
| SHA256 | 4a4a1ea33d05e7404411889148c8a9106caf558f29e6f6c9fcd29434bef86851 |
| SHA512 | dd75b11e108517838769e75fde6aa83ac15e03a006da6e7319373d83e14f6ba6dff4ed06e4eba838f0ae9aa8769c54914d5908bbdc60fc67a0c245ab5e613337 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e36f3cef7a2ffe20695635dfa71228f |
| SHA1 | 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f |
| SHA256 | d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6 |
| SHA512 | 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral13
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
141s
Max time network
158s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2377446027" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e3988f6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204979" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2391508753" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2377446027" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B9122CFF-3560-11EE-B699-4A1E53401E07} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000f5e0203a13162229d97e5b04b01c62b57c505fab16900da99347a07c4917318f000000000e8000000002000020000000f8b7029fc83753474c1140d82803f1b13b38580e83fe25e50d12d4e607e8be252000000002f0c1c237d3c6ecc42f4e0dceff2af6daed16b8df0f89d499bb485dc52ed95f40000000d6bfc08edd6a67d7ba9a257895ec45da6e0ea30273e9513e7a5b9801fc6a081160144dcf67fe757638e1425eb4767a3fd04392c4a600ff70f88d4977c02f0963 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a47e8f6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a8000000000200000000001066000000010000200000004317d02886ed0263f2cdc040a4d41c79a0758a2ea3db49bcc05796f245b5463f000000000e80000000020000200000003a132d62e76f6f6c1cc934297b0698165cc20d6e83423d0c93cf3ee6e29be3b6200000007f90589cd401473d87293bf900eb02d7ea24be74c6aa0544a79b4968f68dbf314000000052aeaeb82a25ecce71a23c3332006fa3290a0bab2d65ed09c2edaa5e931dfaf24c0860f3ecb98a0e5172cf136b4b9240a7c292baa5764722708a12599836a7cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 920 wrote to memory of 720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 920 wrote to memory of 720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 920 wrote to memory of 720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:920 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2e36f3cef7a2ffe20695635dfa71228f |
| SHA1 | 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f |
| SHA256 | d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6 |
| SHA512 | 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | cb3aca98f8bfb7f9dacfdf85973458a7 |
| SHA1 | c23197552a186864e5ac7a6ea5a970bdfd0eebea |
| SHA256 | f4bfb3bf54cf98fd58d801b7e0588d14b2ed583ad1d555453f5b9fd0edc0c4e2 |
| SHA512 | f40564d6bbdce21130fc2bf37a5d86175d41e251d4846911ca2d779a11ee4dd0796277d0f461b76c07e354b7bc2168bb03489d69783ef9e45abce852d3553d07 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral15
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.1.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win10v2004-20230703-en
Max time kernel
140s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6E76A81-3560-11EE-ABD2-66AFBA4EB959} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601869" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc6300000000020000000000106600000001000020000000ff9da8a8e363bf5e54715deee8217ad9060f57468486201920727cc62da90146000000000e80000000020000200000000436460126f378d9ccaf74be59167787cad1e6c5fbccd0a43580182d0276da4290000000ffe9abfb9529fcb8d7964dd6892a535d578e21c55553b8524a26848b58f3f5e492b9429c4a35d5344e47eb6e1e551231521ddd350201e7385e5eaaacd9f8346a54a9b695dbec18373b548def8a688bcb5677187c8a68637829aa3274861eef48e89fbc6e8432baab7b772d913de1e189140f949fe343b800e1c166755cc9fcdd6f8f06ab8a17ac9c474565aff2332ae640000000836d44826f03d7b1bb9dc6ebbb550d9be2d2619595f3fb45d33603dd608d88515c9cee04576f4d8ae23d4415a070cb0d58276e53ba849d3a0a55ec9852186ad2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc63000000000200000000001066000000010000200000008d90a108283042834da3a01f1d4760a2b20fa61329fa43c0413498e900075b11000000000e80000000020000200000009e6b55edb613dc3544b8b01ed8adc299a8e1522ddb5a9a592de60575dd2400bc200000009fe02defbdba1cda55c81729399abc56441225bd0e861d16b68cb3e1aaa13f2d4000000061641020f0c08c4fe0c91da0d98800aa766c9b9c5e5b2c70db501b160c7812e377570cd0949c5b3f2d3c54d5935691a7cda84ec8b7f72e00ae119f69765c0285 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502dda8b6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1860 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabADC0.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\TarAEDB.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 762394f74248c8d8502bd3932abd0346 |
| SHA1 | 6d074de1f824acd9ed7d03de9f29177f53b67f9e |
| SHA256 | 093d50537e81ead3b6aa951f98e5d0acfba295cd8ad038c99dfe44aad33f13ee |
| SHA512 | 47e4c99b2dafd87dd7d7af15d9e0ce304dfc4123f93a7cdc7c121ed044a39aceea07ce697bcef8624fa4c94aa76d077e5e7502cac6109f4a4f8ea1bd7faf4981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5488035c87ed737e1368ea6ecc32d721 |
| SHA1 | 8a05d3613a7b45dd6f73fd359fb359fe1cb34ba8 |
| SHA256 | 96fcf8ee05711edb2a466fc0e16718549449515b5016d02aa97997961ad50feb |
| SHA512 | 71b82605421136e295bab1568c7506bf09bfbbdcef7fb6e3a6d7e247ea89fcf3792f4694da4034aad9a4e4b8b36793b1e7984e5c7393d561f7ce439d45907cda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adc2be8d51b6ad82d671a3e36866db16 |
| SHA1 | 82bdd21f315a3d15f1593550f565195b8a571764 |
| SHA256 | d1c182ab7ddcb99b14887d80e35fde7186eb68628b684df1922e1e67c28d29c7 |
| SHA512 | a3c0adb723d6d61f63e069dfdd626efeca1aeb77f768ef2680e867b5730f9e19598080aa7c43ec9eee1d7d2153f403ed945081861f0937a17b209bf1b0ae55c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 188c8a1a4272758851a05e76004cb5a4 |
| SHA1 | 0bde4cc3c07c4c0443199668ecc16c42da83df13 |
| SHA256 | 89d04bdb7561cd18dfe541e6fb96c24c73e31964bb4fd429dd7fe623fd379a97 |
| SHA512 | 7d45e2a60f91e82c1d111b7c2cf19e6ad47eebe3d9c9a3c82d42b6b7273267e7c02553a2f0db16a1283e718248aed6ec631d96d4d43df8b7bd334acedd16ae14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9828b8145a1dcae1d89a7336a6d802a |
| SHA1 | b778593d99bc7c918d22676e620f6d6e57ff4de0 |
| SHA256 | 935892694a1ece799912106d6cfa6a687377f141fd02a90f374fac5957609317 |
| SHA512 | b32a09e0c7c14770b4c02d7173c1515394f224e7194f37c4edf87e5bacac0dc1e888c1df035d1a9c3219bf85d856684b13bf730a78cc8059a782129a0b7a4923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 771edaefe51bc2b6d62ba2982482a47d |
| SHA1 | 7eb5a717f5894a9ef2d67c578731be03b0162235 |
| SHA256 | 9f53962f953d13db7349ddf9c4ff95a5753e2521bd9d69a09eb58eac3c7f577b |
| SHA512 | 700eaf2157d75ab758e6cf67ac9844f2316a501b810fab3101381eea0000899cfd7873dd669cb48913bda1e89e8febd718773bf87729b8ca71c7558c56314789 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba9f4cc5eb8e73f372103a852a9a5463 |
| SHA1 | fbd0527375005b3087804bd520201e7dd387a7b0 |
| SHA256 | a81cddfa097af055acb08966ea0ef04a5b622efb0c03baefeef0183e69813459 |
| SHA512 | 4fbfbdc12d1ea5736d108bc99bf3cc245f29d67617a7207f994d12c5cc28cc94aafb8ea6e1762eb42d0daa87d07751c1d7ca92a1736d11886cca39b04a620cb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 869db8ece3fdde328f677736db140306 |
| SHA1 | be923bef2527557642edbe3389c501dc331b102a |
| SHA256 | 3f295c8b54194df2480406a47f660848206b07da61ad34fb5f3d3b82edc4f105 |
| SHA512 | 64d6763edf2dcb43d45d82cf32800b6872ebf8392d6192dbb8594dced1b7eb3a89bddd7f55a4a27fe96b838af1202d78b9fc265fdc5b85ba4dc1d32d370c3576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6a8c1de8904b526f6aa8fd1e3e2092f |
| SHA1 | a51a445003c760d711cda179944ed61de8e0a894 |
| SHA256 | 72616a8b12be50a8f2119a314959859baa1db5e41b772abd62f5230327583461 |
| SHA512 | 05dba4bcb1092b280abbfcf3cf93d31eb299982ac744af4acde3b4e325c7715640486681a19abc10f1596744a56f62e065a128445c015b7ce609884b6734d18c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07f15df4d17dc20dc2fb0491a462f914 |
| SHA1 | 8d83f057e75cb022e3140a9e2077a93d1661fe7c |
| SHA256 | 0a75b71f2507747e7c6ab97c99bf3ecf507e551e7e4ede595617e4af9ac7b636 |
| SHA512 | 654d0d66a8232cbe7b9af54f72335a56e5fc570e17077cc5de5876e981f2819e6aa1233af5b368d6667b44836e0de3f99f949fd77e96b8ff4f7d6a4a10e8e28e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 331a73de0ef1259e1627e8c5569ee9b3 |
| SHA1 | b196a8e22ab7b1662f40058f8c29809157ba030b |
| SHA256 | fff987d1d12dfe7ddd3a75fcee02a79b7c4397a40ce58a93378f520d8d474877 |
| SHA512 | b5cf87153f1304d0e65b2addfd1233fc406fcd02cb832b827e8ce58b6e47b67700870f877eb90de15471c89dd1b3151847cb9f3663ec282a98b7e1472b85b683 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c555b8268652e44bec761b91e66f03b |
| SHA1 | 1fe67b8caa6b549ebd91cbf6567070dac35c5729 |
| SHA256 | 2507f5fb6fe93b69e3938a21bcb68d07db3601c0ab7b79acedf78dca5f73e5c0 |
| SHA512 | e543fe36016d35d0905fb29073f54390ca0daa0afcba1b9d59e0f4d487be9a93e966613e095f99cf029e35facc75721d7d83b19f5bc27febe04ac31511bb99db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b68083f07d8e418e35c9caa10b96cc13 |
| SHA1 | e49fa64612579f199fb4e48d7cce8d7b07e038c5 |
| SHA256 | f9fcfd98a23fe9067ed00f0acf6b27af4d4a1213f3f13a2cdbe1842ee55166ef |
| SHA512 | 4d60af5887fe1f587c38853995e2d0406830d032dcf012c1c5ec0f190dfd3dc466ab674bb68409709e4f3bb1a02af79cda6ae843c9f73e21f0e8f2db55bf8f98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 294150428c857dd34063a48725c63c33 |
| SHA1 | 8728c3a5cef2f20aa8a9171f1d4a2fb3911cb291 |
| SHA256 | 2fbeda75ef2f99eaafbc48f2c6d2b2bea1cce1a7706ae2a8c5c5d1ffde309d38 |
| SHA512 | 5877138edd8c636c4249e882d2fb66f1bb2e12725181d5007c6c4838ee10c36c9a9d8e65ab697a2137aaeb8b430f6be46ce45eee7e830a40bd858e8e7ad090ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b60e3087c868e8651dbd925e35aedb79 |
| SHA1 | 42844830209d67e3c6bddb10534cf14bdbf5c432 |
| SHA256 | 2623854f210ed4bf6f49489f2157c672629586d10c5784c89aac3e215ffd5e21 |
| SHA512 | b6cf1123c9c740a31a26e9b8a79b69921b7babba5eedc9e682afef93d3ea8c62e065c286ed55723bf893942a3e2fed4a9861fcef4dd7394d055f90d53bcbf8f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0628b73b6055b08cff89ebb29de79e4 |
| SHA1 | 58f042214176870e4c452dbabf495a87c0f6847a |
| SHA256 | 3107abbc88a8b8026e1a53ecf81cc42155b6fc48c065b0e4c2bcc45fbecd9f6e |
| SHA512 | b8b9150144b55f01935180daa671c15707f8c3b4a2abb2dd654013a29e0e1aa0bd14c47d84ec5007b84079fbf8616c8edc67b3d56b501603ed3922e38f8f2a7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc6cc71abf0838cac305795590f2849d |
| SHA1 | 7b4fb2cb1a1348a61f6d47c9497dfe723e1193a9 |
| SHA256 | 521d100daec7e346966ff26b468049c4eb340790a9a8403ceaa10e14558d2d8b |
| SHA512 | a7259d2a9b4c67203c59e2fb67f0835887b7a6921a170c16dcb695bebfafee9adcef3e78f10f5436482e8165d5828c55fa0d2e03621aa2e133417d8568ea377d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe63975f36d1b27fd419e87cf34dd0a4 |
| SHA1 | 0dc357547d1f41d38f2d80079f1f754c6999b7fb |
| SHA256 | 6301d06f5d6d7c4f22a98781fa405b131d68151ec502b19ef7369f39bbb8c767 |
| SHA512 | 03ef4a7d3db0d024c0247324213e85206a8c627c444ef3fffa0949b64476051afbc4f8c17c5e6eac6625128335d00e4d5bcb11ca29b9828af80c14559bd7aecd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30d66e40fb8cd396b7ff9ff1344cab18 |
| SHA1 | 923d980add91b80b42ea3066c98ba7d7343de992 |
| SHA256 | ce8c767345bdd49ec19301b2383f571f0135ecae4aa77a5e33388c043f1f9dd8 |
| SHA512 | 3753cec2e0e7ab08117b0cb587c4da273b4466962d51a654be6aa57efb30dac894828eca1bba0da84a3e11fc690ed2d39cc648c954594902ba51d0be9dd239e5 |
Analysis: behavioral10
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-08-07 20:26
Reported
2023-08-07 20:29
Platform
win7-20230712-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c94a8c6dc9d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601868" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc630000000002000000000010660000000100002000000095c52dd366462c1c5bb31d8eb378a57b5f0a54e737b834d1787a109b64ffd58f000000000e800000000200002000000086ca2135aa5a83ad2a1ac1100d8ddb1601ad9ee25cc96abf9cea04fcf1d2960f200000009a40104ba7b3b0c5ab62ce3ca2b3f81232b2905259fd047c90db82b40a451fbb40000000b5760813d1af8ec05498c22dfe912c244a547f104448fec0f0d27cab2c0596559ec6ad84d4b19ce30e9c3a7bf002cd4a67bc33656b38bf8502c046d6ff7d985d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B781C621-3560-11EE-B06A-E66BF7DF47AF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc63000000000200000000001066000000010000200000006f0121d3ef73a228221378390d4b41b74f50c9c7b8e6a757eddb4e60295de5f3000000000e80000000020000200000001808c4914b9210cca0eb698f6ac8aa2689b9b26c1504908aed249efdd94701f8900000004c86a5a63e1a2dad906673e163c69322d640554c6729e1ab617919f2844246a0c297ac7aa5a61658b23c43bf54711100f8dbf86c07b6baf162cd5978c0dc3a9d6309bf02964e6c06b2efcd78e72e9343805d10a61ebc915dfcbf1e5fc67d18bbcd15b47bbc0a52046019eb5a17a845340558c770ad6a65b6bcf19fd5992140af1514701684c3c5c89b796d79e50da0dd4000000064390c5d906dedfa82a1c39df3f44522bbf8dc113dd16842bbed4559d5a0e6ffd43a048f01d721205d9525ddd0c2eed736286d6432311dbf39bc678e63bc295f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2556 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2556 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2556 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2556 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9002.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar9073.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd3b94f70cb050f40bb962b2154650f |
| SHA1 | b7cd4407715bbe2097e1b39831f7d6961df3b200 |
| SHA256 | c58ce4053d44f83188682d2732feae79765d59091243edc023739435b31888bf |
| SHA512 | 1395a8d9f994e365f41fbe8e0a93da589ffebdea367569a09c563b3e298d2f0cfe720ad4b51205119d9673bd2030543c577adbb588731df3b78c207e46adaf42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a17ed2e06f548d76f29f1d4d6dd6d1b |
| SHA1 | 959e485b7d60ccfd114114bc5ac481d66831c671 |
| SHA256 | 9082a3eacae2852281ba8dc1486723f1e7c2a1732305f606cec299de1d7f8152 |
| SHA512 | 95d252411f1a5d519032a4357d901c0acf2ec68a2a931640c38bae957dde87a53add50810b89602c400bd443f1ef69ab0d8702b260bc8ea2bda46bdcb9672dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cbf27168370bdcd04c6f94c18b114a9 |
| SHA1 | 60045f9ef1953f71df5bd6ea800666cbc7005a3a |
| SHA256 | 1e27f49ef31f7707eeb9f8a240aee3f5d7494ba2ff019ceb4eb99460f03b8836 |
| SHA512 | c34d20081454b5f328f213c5c84248f0ffcdc6b5daf56f3028556ffc5e2dd81961b4f8cdec17a020738c7a6ce2e32a54baf23c6fd4f1396a1807ebb496fe7149 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c0a2ed632b49204ee1e861a7a3a0f1f |
| SHA1 | 86d5ab3dece5087400cbe92931c50a384c5b3cad |
| SHA256 | 2c3f0cdfad0711379289b8a782e4bc2c0fef1ab16578e3168da610c544b103d6 |
| SHA512 | 0b37d904466dfcdfe64cbbda2a3cea2561ed4e4ed99fd60052bb649af82c66c22ef10936dc0a8f12f27432c654feadacaf27fa1be527c9f4591db7b7219774a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 249a56b910ff94436176e1578822f4ac |
| SHA1 | 0dceb6653fbc09a20df5d002de5cf5733a68264d |
| SHA256 | 99936ca40f289e44dbdeca88ac59538aaf7d1cf6d9799b90497264aadb503a7f |
| SHA512 | 31345eb84dc58bbeb461950ef53704626a16a92fab8719a576ca85e68039be17c066633326aca859f7ba58f9cb24de4e3c7b8fd714375d8018f847d5594057f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4f98e31da9021df413b67f52e46e48d |
| SHA1 | 1778bde833acc813831f5d45477dc1b0a5917014 |
| SHA256 | 3623425933191ae486e1f1f6508c313c13c78d3317558037ec90d72dddaf1429 |
| SHA512 | 8d166ab3cebc01b684881da90a7613953cb8f2d53b1a63c698289b0aeb356ad2bd02b8c8f22e660afefa7ce01ded14aea527c2a1f26993c1b77a4d7134c95d70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29ee444d944bf04001c6a9fa7215fb94 |
| SHA1 | f6046c92f4d4865a0c00c51e176ba8233d13a542 |
| SHA256 | 4f28e60e62cd39b3e66f5085b0a482577e508a5f1a4028697e2e4a74276825ec |
| SHA512 | 4e009dd65a3afb6da49b8bf9ff395696bd8b3ff20dc2389dbb0923e5357dc1c83d2bef2a4a30ddc96755202b0c5a0a1a5a4ba7fd8a69c32f7b30fb820786ccc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 665705cbfe4f42d66f2cc6f2480da473 |
| SHA1 | 64656f60497be41381bfd3c27ab093c1a5fbef29 |
| SHA256 | 0c18d8fb2b0c63cd2206f6380d59462833467d20efe3f9499e4277f9f165bc0d |
| SHA512 | d69555cf1c29e4a2fabff08c750ff8c3e4ea859630e96a68c118e0a1deb33303cae36d510f423759d428710eb2fb90c1bc7e0419a2479e5ee5fd22659dd10803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 233b7148a9b26c7b698b769eb3238ec4 |
| SHA1 | b7b9084551df4f8a21056cd871a939f17c2ef86a |
| SHA256 | 5a9ad5a5036bab9209a2b7a4acdca968f66eb82b54533722957bbdf9535099a7 |
| SHA512 | 3f54f1435311521688dcf7368364f1b910278a423b5b1fb6d3fcac192a10e7903c3bc1c108d2cbd207bc435c40b23ee3bcee52f7ba04d1df76f63ed8b700deb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c34fabdb15c99c52f908c5f62a5d796 |
| SHA1 | da68d3cddbabc8090889eb64dfc9b9365da78190 |
| SHA256 | e70488489cd1532fcbb76f858943cd2299d8e0c78e97f3bb0685fdb0afc954de |
| SHA512 | cab851b360c6046931278f9af7c6cdcd9d460e3c49817949fae0c9d254b3970a23e4ad7108249705fa25f1065b7c1cf741bbebe547378223a740e4059ffbc4e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b83ae5e36ac3dd94293e3207c00a2242 |
| SHA1 | 445c847ca6c5e3e001142e21e1169b3f5cbea01d |
| SHA256 | 14aa8631b237193bba877c1ea827c1453beade1166678e98fcf77c6f7de0d0ef |
| SHA512 | 91f0fe627e04ba9b2f7d7d37c5a1641a32d861e78292a9256bd83acaca40333f868df72de0708005f312664f3a2f59f2c75656ef4f02e975f31f2291ef8b7219 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 983ede9d7069119c3d57fd3da4c1bd72 |
| SHA1 | 40ce8bb2b08e9df7409fa28cc2d0bee7a3d448b5 |
| SHA256 | 5bf6ff537a8f6acff25aa3403349ca08e86242a590b143c77825d043928afbc6 |
| SHA512 | c3ac83be5b1f58c8ba21bc8f8558627aa0cf38df8ec8fbea9d101efbbfe33ba9c675312caf20b097e5a2dec5554257ce2da9a743a488712b6e280b36070cef90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be712dcfffbcb36fa6741b865e0272e1 |
| SHA1 | 6c8419d1db7cc693f545685685f84c62194c28c0 |
| SHA256 | c30b629fda54326e680eb53604600e7ddded8c74b0068c5a1214ce4c83944e6e |
| SHA512 | 433ef77e5bed81470c15cc6cf114627cff81c1151eb7109b1b2812e540654d540024d65b6832dc9bf3fcadbbdfecdac7168d213d6f9a44772a85a359f96a0890 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2037232411a76443063f8de75139ae52 |
| SHA1 | cff89b817d244b0365627bdb45951c4e4eb6f2ea |
| SHA256 | f42da7038a7d876a10b1399618743fd99318f90e246cd7e2db0e47edcb8436d3 |
| SHA512 | 0d6182b8b6cf9283808d81eafc1582d9e1cdd2117feeb3a626b3cf0bd3e6008413a2ad69ec5a2d22df08adcb3a29d21e57df8a282e555884ab745db478c799cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0dca8ae9d0bec861a5871a8501fc1e4 |
| SHA1 | 2b4ae78ae6cb80e25ff54ed9780f42bfb2a0a48b |
| SHA256 | 6f505074f27e4b782ce83002c1f2fa38cacebc90b4123ff640e7dd39727b0242 |
| SHA512 | 11371bc0f58a05fa9e4771bf8defcf4eb55fcb10b0b1cdd1dfdd432f89bf52d28288d83737a7e627f9dc186a8d6dbb7c7311e13b3e59de73141adfb386463c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5cb47903ff420ef42157fc09ac637c6 |
| SHA1 | 7ca6c5580dac0e632addaa9b65500ba3ac14935d |
| SHA256 | 69b36929490cc116cad32a8cd23cd770bdacc2151e812382290c76dc8188981a |
| SHA512 | 155f494d0602190f87c399ef2814194ff9cb536f56b9953b06e9ab043811480d37d0f872b330c2822c1eb64cf72086c11b1c07d917605499a9eeedac12346cdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0034b752cf23fa05a43495fb60a87cbe |
| SHA1 | 945f9cbf3e8fb9b42d2f1e77429a9f0a6691f22b |
| SHA256 | 1f8babc0d776362c35b72e6569e00d59233639c9a024788150d6f78a3ddf8ba3 |
| SHA512 | 771825adcc20702c119556c9b2145c0d23c42e593856fa7d57839009f31d1d1e71cdebb6240760993b2d100184faf20468745bf228818166cf2323d40fe748a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f94f76b15027af7745f44092299f3152 |
| SHA1 | a377d059b076b7ac80b5fb39c513ef86e0e6f826 |
| SHA256 | 8fbdc8ebef254fc8af7b54c1425d6c35fa8e8a3bca1c37701532ab6a6211eedb |
| SHA512 | 9ba338725ea05a862ffabddf99596980e79bcb070c1aa70798797776df864238d6234879edd7c03274b2317a2725750f209b29d3154c0af289f49e94f289c674 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 069312ba5146576043b1d47a0af7dd45 |
| SHA1 | f7b8445f5df24f870721d645612d93856d84f918 |
| SHA256 | d97696c81a4c931b86a908e7c3add988231923a0f81d69410138272f137c90c6 |
| SHA512 | fe3e2fe6b2d378397ff1f20888c98bb0178fb8a6ae0b7a4f88054bb0372feba2afe265a0f7ff9e3eb01a3a79798b06c5de96408fc0691927ca489fcf00748733 |