Malware Analysis Report

2024-10-19 12:18

Sample ID 230925-1wm2dadd93
Target 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d.bin
SHA256 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
Tags
octo banker evasion infostealer ransomware rat trojan stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d

Threat Level: Known bad

The file 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d.bin was found to be: Known bad.

Malicious Activity Summary

octo banker evasion infostealer ransomware rat trojan stealth

Octo

Octo payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Acquires the wake lock.

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-25 22:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

98s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3140016200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000a171a51902e40a356f69ca7bf28c7119f86c8bbcf827edd6782dd49f18f2efcd000000000e8000000002000020000000898bf86a98db1bae4b59c55f68cb63df6a9d201d6f83abfb54601d965c6206ce20000000c50912bd74a7a230e5cee3fcab398d4d5cc09d038f732e8dbd8b5d06fdfd15714000000003df8f23500bf80d0a34b0115f4c93ab4e39a9fbb40e83772ba7e8fd5db13c018d6142db20c258a35414f85ec9ae5a292960efb5f3e8140f4f2dc59524ad2503 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525826" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059963" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3140016200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059963" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059963" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000c7f85080e8d204fc9495b1d9d50e1babbb4f8804839195aca06337391e739897000000000e80000000020000200000005f565c582df406264b5bb50ef511fb40f8da77aaa7bc96a3f1ffd30f2c4417df20000000515f89eedacd8bfcdb57ea5e323de467d466765b37c594c60760985cf8a9a0c1400000005de42f629ad11a71f323110c30e7d3f15aac0306aa4ebff8e7572c5c5912326070ba05b054c859a0b6b7a7466e75daa08c58d0eea799d74fab18905f0f7b51fe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cd14bcfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E672F60D-5BEE-11EE-9784-56CCDC1D69F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3148921877" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fffcbbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 52.111.236.21:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

android-x64-arm64-20230831-en

Max time kernel

3462249s

Max time network

156s

Command Line

com.riverfront8

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json N/A N/A
N/A /data/user/0/com.riverfront8/cache/ngzvnyttctwi N/A N/A
N/A /data/user/0/com.riverfront8/cache/ngzvnyttctwi N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.riverfront8

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 passajire555.live udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 passajire555.live udp
US 1.1.1.1:53 jikugac818v.vip udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 majestike8ca.top udp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
GB 216.58.208.110:443 tcp
NL 142.251.36.2:443 tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp

Files

/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 f9d7541e53b3da21b07114b994c5574d
SHA1 0dceb9f2b238c417f877ce2c5d659c342a55cdde
SHA256 5938a3b4d175985478b8bd2c7ec400fe969855493528ef982e511ca6cb4138ed
SHA512 00e2cc5c4368472fc9fa8b574b55b6c0e18b0a8accfacaa905c7be7844f6cd41ea88fdea35002bb6531e3706619d686434abcead6c672c994524dc51273070cf

/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 b3f54bdf5727697c33a0f7d3076987c7
SHA1 56477825c1b2731afa1a9b76ebb8c533075df827
SHA256 11c9f73978d5a9a12e89bfa4f3ac7c36fd9281438798e75f113cc5a6004cbfc3
SHA512 caa8f233e77b585f6d8cbb08384d974494edcb3705139e9b702a057eac66b9b03ba556c58d5340de6d30ecf64ea7d80dc7afda08b78de6a20e2de238e14d6c92

/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 6a77912b650e56c029a71f6865345df1
SHA1 f87804085c6f813bbb506e0a0e26f60b494383fb
SHA256 d1ea67963a8e3dc3e34ed70537cbd2c8c8a5971ef27091831c88be1fda02671f
SHA512 5cf7f167ed81172fc9884bf45b48be84f45499bd3bfba47615695ad5ca53f5f6f2fc2f8532f4811d444f6179f9cea51148211ad108cf1ab5e88a92c11ad8c68e

/data/user/0/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/user/0/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/user/0/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/user/0/com.riverfront8/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/user/0/com.riverfront8/kl.txt

MD5 acb6f7674d0a5e52a7e4f5a96d9f1737
SHA1 a7c803806c36237c61ad6dd3bd70510389b69689
SHA256 55c675a8f88a4b9abb3b7ab7259de2d67fcbe340a10807138bd17c0b7503651d
SHA512 6f7c881d098db63878c2fcca153321dc233e8b9994bf99cc91a1346747f4dee9d4ef3ba67f62a092e9e672533de36f3dc1994b3bf38666989826273c33d820c1

/data/user/0/com.riverfront8/kl.txt

MD5 f9c5653e0e21ed53e188874c09a896a8
SHA1 7f24f407b37034db56a24352acb0010cea9115cb
SHA256 23f298470e4190e0200fcc7bceb0acd10a01a2b4a4ee2dc72c0337f1b6bab265
SHA512 1f1566255ebc3ea109266534fe738a8eb6a62d8f7477bf5c3958ca793cf7b3b95ce9bcf1723249bb4904908f4939a34bdafef42f5ca30aafe477131d78b270cf

/data/user/0/com.riverfront8/kl.txt

MD5 872704eb08c7562b1089bb3fa23c4118
SHA1 ff376ebcc9189fea2d8d0a21497e5c024182a844
SHA256 a13cd666c8575a708aa3c4edafa51638a60aca2a064cbe8cc1232ecb3fe1484e
SHA512 7992b1d3c7d1eeb50142a93804cfbb5a80b31d3b47a1a86eb559e01a96cbb9aa9a1a08e88c9c6c58e3a09b0a9ab0f6a47069169fa4c3c956a7e55f673e87cc80

/data/user/0/com.riverfront8/kl.txt

MD5 b2cda45a5104658e64c5915224a3aa45
SHA1 90aed854c042de66d4d22984f4e163006d4886b4
SHA256 5cf42fa96751dc8a71842a0cabc737b80cc2cd7a09a6116467c0d9c35939ba65
SHA512 ec46e6cb91455cfadd9abf262844e241de71717916b829dd1f916efabdab507030ac4631fc688c9d3a378cb4854ad871720fb0d4cbcef6ad722fb2a9d6fd9726

/data/user/0/com.riverfront8/kl.txt

MD5 ed0e63f8135a2430acd38fa7907aec10
SHA1 9bf12e41d81054cc2058ef44a125e6d013cfdc1d
SHA256 d2658cd813776b40d17b7cf594bd9c3e98e8c96ff5727e630eb4d5ea1516b0d4
SHA512 93de135a5773a06e98baa5ef44612f0bb6d8f5aad5454e7f29a8a9d28fae378907e16c82ae0e4b9791be0aa68a83055762c79e6bbc66f1c14e595687cf8fdbdd

/data/user/0/com.riverfront8/kl.txt

MD5 f8fcfcd348248e5895356f024276f64f
SHA1 c88e76ecf60eb4d97d99b98b768ea0ded8d00a30
SHA256 35b9a84e6462c27d6e0192ce8b85a4d5bd8b877f7727973f363cef3e4e01066f
SHA512 932db12adb794ec9923d235575a3b62c72959d7ca9797887cceb363cbd4f619c5c491e62566e221028b2950c52578d1d11ababb18815961e430cbcfa6924f64b

/data/user/0/com.riverfront8/kl.txt

MD5 87cbf7d7b28ae5c059bb321c3a891316
SHA1 1bdc76d8578e8eb68a69e38356263efef91cd474
SHA256 6d6240d102085476fa3518fdd9e94d4207b181359a02ec370dea601d8ad68bbc
SHA512 4146dd824730cbae0aaf7ed76f1e7e88f9640aa0511ca5a302dc3334dbe7fa11ed19ee7e5d12f746ac70c4a5b27ad4abf669136c18cdc2e6f1b21f2818282dae

/data/user/0/com.riverfront8/kl.txt

MD5 588d55867ca23d7adb63e10eb933d127
SHA1 94ad8a4f6b111b414e6a52f2a24b6765244f67db
SHA256 db18131ecc657cdc652c9b834f8d68b84b9868d13289f63ee865ddca80479bf0
SHA512 65279b99ee73c38c7706d2131245a1eeae76015cedb7abce577d5758b5f102f501df6de9661e4dc7ba6a49c01e6c5236c99ab3306486683c0303da305410231e

/data/user/0/com.riverfront8/kl.txt

MD5 041c902f628110b1656b2af27a166581
SHA1 e9b5bccc181215998b8cc245fbf271d0793b589a
SHA256 5c85f25a34c7d8baa4cf7544e30d5497c605b93ebb3998e09881f1aa4201f1be
SHA512 e6ab3d9b8cc0dde03adf8247666b2000d8b6b030157c53716a297fd9ca6348bb785d2936363d373c508a32d1aafb2465dfda8afc6afceb85afc5ff48c60ff7e6

/data/user/0/com.riverfront8/kl.txt

MD5 b36993ec8a76aec198637198e7ba542c
SHA1 99709f543938d0f87839ab0e844b2afa18cd4757
SHA256 323fe65ab247b046140a7fa6b61b8a48e1fe3b9217ce98d1d928125f6ac8032e
SHA512 a567134bbc211a1d54a5b38b0bc74803ae5d8ded7a97b0a4ee900f515d54c90b48ada90fa4acabcb1196ec4f5714a1e2436c7174d2f8c8756cc4fa5123efed3f

/data/user/0/com.riverfront8/kl.txt

MD5 c84c20d83dc4a0b44d5200bda38537fa
SHA1 a538a13d5e987df6448ec7464df59f988f7f7550
SHA256 97584eb0881ee3ae5744395c8cff1aa8ff70fe6595d6a62742092b1c9aa5fdbd
SHA512 86f443fbef6b3703c6b7b1863a028d896bed07a2288448a2cb658a569895857058eae215067b4397d47360d493faa112d06e2457a9140812732e8d9ee141e8ae

/data/user/0/com.riverfront8/kl.txt

MD5 b607f657a4c2295dae4f3fe519bf0512
SHA1 901e94eba67895fe8d2e2ef73c6630b50ba21d36
SHA256 551109939e68433384226acd66c8869c19e705672e3885ea604c9e9b2b7b9fe4
SHA512 c165278880a5061d159bf8ac8931a9f1fac27d730eb7cb3d80482aee888e0713c62d72fb31d51846f3305f6313a7ece02196faa9eea1024811430f342cb35c41

/data/user/0/com.riverfront8/kl.txt

MD5 e6ef4bb16e080cd1e73b8bdb823ad4c1
SHA1 8b1e5c14517bcc0900fea25307bb48cf8f48fc35
SHA256 d4ea30f1019d80be34b434052d1be9b9b8770e54a64f8d5d8b5f71cd36c0e0eb
SHA512 ae0584d40fdea8819289c6d896ffe135a170414d5041b41e426ef4324f5bb8567b8aacc53ec28d5b228df3cd7c115c8471233fd71655c9b03659c81f8cfa3a2b

/data/user/0/com.riverfront8/kl.txt

MD5 402a82c27328dbd73d6b9df3f77183ab
SHA1 9106cec095cd57a92eac8a7c132e9f955c0ef423
SHA256 5189f91ea41d93ddc6cdc7a190437baf56c4d3b152bdaf6d25dd2e3167568f50
SHA512 baacf2e6a5b571b261c7d5faf41f018164df38ea21e91a9003242702e95b672328356425cbbebf5fd62d3d732249b35c57e8afe062b0a8906619b79c4b1bce1e

/data/user/0/com.riverfront8/kl.txt

MD5 402a82c27328dbd73d6b9df3f77183ab
SHA1 9106cec095cd57a92eac8a7c132e9f955c0ef423
SHA256 5189f91ea41d93ddc6cdc7a190437baf56c4d3b152bdaf6d25dd2e3167568f50
SHA512 baacf2e6a5b571b261c7d5faf41f018164df38ea21e91a9003242702e95b672328356425cbbebf5fd62d3d732249b35c57e8afe062b0a8906619b79c4b1bce1e

/data/user/0/com.riverfront8/kl.txt

MD5 1590113691112aa2a574233288ee8593
SHA1 95d25057b65469552ef22dff7bfc5897b32128e7
SHA256 b01c36dd3b18107bf6970b4dd89a1c47dcfa57c0c37032b245e090e7f447f491
SHA512 1f3394bcefa0342e4feed844918e2cf6afaa09f4a6624485bb2f187a4ebd5b540fd09e7714ba1a3c4d84dfbe2396c27b6f8f0d5e125b7e8247215763af351802

/data/user/0/com.riverfront8/kl.txt

MD5 9dae5d228dbdb80b319b5986a7b40f1f
SHA1 893b69191e5233f8dba50d38144064d80b6e1096
SHA256 9583c78d6754ca6e9f8749ed116907fb113cfbe0999c92e472bb63c5aa9238c9
SHA512 8215828a97c33ba8ebe19d58ee0d51fa076a78174a291275b2bc0585b5b2ddfa1506e224d0deba5d3e166bbde3331e8fe654b7d8270811c7ad29d5cb42266a1e

/data/user/0/com.riverfront8/kl.txt

MD5 18a0e89b1d9ed64426f53b73224c9273
SHA1 7088cfe116dbd82045cec4182243072a639d4399
SHA256 602edeaa484725daf87bf2a6a539bb66eb1cb9af34d7168401484734a6da6c95
SHA512 f6ff0bb732ac3ed17b0e021c4bd28216a58f8cd4ac8489eb5a6b458d94f8f5f8c54fea0daf98ac807659ead75934cb264f14127331b0b0c633a24f085716a4be

/data/user/0/com.riverfront8/kl.txt

MD5 5acc78b6b49e09d269e93706e0a3212e
SHA1 dbd5950c140e96c7c9b33dc11b846e9f77cb8b31
SHA256 26045c7d17ae27940bc5106cf4ae383a63433d3269d1bb7b504b031a1a347654
SHA512 c52a447fc8bbf0347fda325f9b3dc2bd5c076172c8312cfdc05155f8dea832a4bb305408fb74d6fd0d9af26c82ca85b450213146e47979c43ce0977cee2945dc

/data/user/0/com.riverfront8/kl.txt

MD5 51b37f9fefb8121667f381359c9e5115
SHA1 f47efece1d1181ccc31b3724eea0243f94242299
SHA256 ed20773f18ab7609ac8b8070d3335ee3ac01b09bde2443d28c4dcfcec3d97aaf
SHA512 7cd864fed967d91e9d8b23eaf3b9488f6b06886f59e7d34e5785e558fa39a1dbb83bae1cf476a34ddf4079d8a6484e0e704959cd9c8f95acb32659af579f101d

/data/user/0/com.riverfront8/kl.txt

MD5 51b37f9fefb8121667f381359c9e5115
SHA1 f47efece1d1181ccc31b3724eea0243f94242299
SHA256 ed20773f18ab7609ac8b8070d3335ee3ac01b09bde2443d28c4dcfcec3d97aaf
SHA512 7cd864fed967d91e9d8b23eaf3b9488f6b06886f59e7d34e5785e558fa39a1dbb83bae1cf476a34ddf4079d8a6484e0e704959cd9c8f95acb32659af579f101d

/data/user/0/com.riverfront8/kl.txt

MD5 9cbe6b46c9c1aac25f31ce39f9828b4e
SHA1 c1292e6a3874e9bc5fcb82473744556777927f61
SHA256 401f0ed548b69355ff31fdc4c8cb335e836ddde8e878761e0f44b33e9323824d
SHA512 776bdf29053617ddc3b10fef3c46fa2f7449468eb2d9d722c7de96b4534f9b955377729810ce05f50eca29f45801cfe9815873561d3ddc7c8100f37901a0fdc3

/data/user/0/com.riverfront8/cache/oat/ngzvnyttctwi.cur.prof

MD5 1c85e9c87a0cb1576233fef5cb6430d4
SHA1 ce6160bf80b709156c3055825fa2442928b19b15
SHA256 679c5b7a060826863b71b9bd89aac9dd8241fa8f79c13b100d249c5be213d92b
SHA512 cfbb9d1fe81dfc79145351e034b5f4719cdb9f79f4d952cdcb5683303974b6cd93426bdb80ba281816917c9042eced583a52829693a3c1a68d21c93234b61f24

/data/user/0/com.riverfront8/kl.txt

MD5 2f7e30b314a98cea46f4fe7125b6c4bc
SHA1 482bfc831d66bd1fce2dc2fb211cc8306b31eb43
SHA256 898d0078b6a4ad8df796f6a86d7066a5a59b17153495e2dd933e7409e0262901
SHA512 ba791355cd88c89fd82443fc290d7c158753a284124325bf9dc9d809694760b6bb38ed56ca55aa006ebdeeed052c02e3fee911f72e8976678295f94f46fcd49d

/data/user/0/com.riverfront8/kl.txt

MD5 2f7e30b314a98cea46f4fe7125b6c4bc
SHA1 482bfc831d66bd1fce2dc2fb211cc8306b31eb43
SHA256 898d0078b6a4ad8df796f6a86d7066a5a59b17153495e2dd933e7409e0262901
SHA512 ba791355cd88c89fd82443fc290d7c158753a284124325bf9dc9d809694760b6bb38ed56ca55aa006ebdeeed052c02e3fee911f72e8976678295f94f46fcd49d

/data/user/0/com.riverfront8/kl.txt

MD5 35e816e23076f0228a24b6d0b464f224
SHA1 fec78e9eca66d3c533e58a2334829e7ef76d8b9e
SHA256 d7022ae9fe22a570e41519eb2fdc47af28b887d96dee7ddc2d1706b4fa81a14b
SHA512 f9de99b4ff33d6b74bbb54a90e19fd46fbc75c1c6a14740ef336498a636cd1a2a4e6807b9b46fcb7143e389643ad02c1409c7395e2bc48daeae96960bf160332

/data/user/0/com.riverfront8/kl.txt

MD5 1446c0920d80659ab880c3bbe410a4a0
SHA1 5648b4be1fcf62861a1e5a0890f9b3e4d48ce87f
SHA256 4ef8d7cd3c3813256c4775afff7b546e4ee39aa68734fb876e5cbd025067624a
SHA512 fb5c6508cfe5b271d038e0eac2fed8e9c0f6ef65dda6423640214c59150db9508d3724c0558d543836f69b9808e5b17f31a81b0f90a862b6136afb2837e9a62f

/data/user/0/com.riverfront8/kl.txt

MD5 50d5de7928a1c99ee1d213b11001a5ae
SHA1 87d699e1e255671ccc9a9327baaeb6e504e10da1
SHA256 22926dc042623d4e77fe6588bca25c7045abbebcc6aa773c4f5abd71e899b02f
SHA512 36e5b0067dcc371175cec8fbe41ad2b22546380273df8bdd6b24d809ff63b8b375561897386ed9a7a304d3e7ddb5d48841a8a746f09e998af818693c96a3bb0c

/data/user/0/com.riverfront8/kl.txt

MD5 dbc9887ef4a1a4999613ccd358de346b
SHA1 1f3f80169623620ea8cf6f6c11a9a2147e91df53
SHA256 7926258c5b9b4049b4b95c3184e46b82fa07408e84c7cac06cef7e8b4840c20d
SHA512 fda1a1b79ef5460b8c8470f5be2a29463c33bc5fa0fa2fa9981daefd5d19a8d4680670be06627574fe44c85d7d1e02fd6a17cce016c0201e3f6fcfdeed46f013

/data/user/0/com.riverfront8/kl.txt

MD5 fae49d19326fbbe52e3fee59f18cfbd8
SHA1 ffa2524bd66f9a5904b5821a502c714b4151a09b
SHA256 2227c5297a0da396a9bb2087d240642c786ce30a21b515cd2d3d78d6a047d8ee
SHA512 50b4b40e2304f408ef58a0e32fd85e722cad1d6ff9428fd2f04e114d12a9560ff5700230b84f0b432e8570b607c6ee36bd5db59350a7aa87b6d1151c84328686

/data/user/0/com.riverfront8/kl.txt

MD5 e1e6f315b0503b80def6fe8354a9cb38
SHA1 05d100c592241b0d8d492c945653831c4c882467
SHA256 c02c491e009208d7f8501e2f4132d778460670333773854700becc5465bf1f22
SHA512 2865edb13d16d30752f83ec28ce4cd28fc06e5ab294de9eeda3766cff6bc0a200208292e2480ae10c1419851c5c69a0310e5c3143b0ada468b9daf457a63955a

/data/user/0/com.riverfront8/kl.txt

MD5 f47101589282d465c9143e6624aa6ddc
SHA1 51747b95913506a280ddcebaae2a70c4c30c9101
SHA256 94720d0f836073cb680253ebd6cf048dd3ee3d50372d29e24d9d147e0130af31
SHA512 682e89dc8a06cd09b6ec28537011b9499c0dd8d8067cae5f83559b00f849b55535aff0fb9fb0e6c744fed79aec0fa6cd45e747af6c135d584f0ee6e94712ba26

/data/user/0/com.riverfront8/kl.txt

MD5 95bc6314fa9cff6545fbde578f937e39
SHA1 21da67c0a01c0eae8989b294d5b1cf647f0a40c2
SHA256 dba47171bca3efa9af816f547f6a3fd0343c551d601c5f7d64d74578976dbe5a
SHA512 4e97542337df768a9c9f563ee8f9d23cec4500c31f74a0b6eb0a98759874745512484b461214a70eef27952d17414030689435f5b616d6b07d859c5e4f581a9b

/data/user/0/com.riverfront8/kl.txt

MD5 95bc6314fa9cff6545fbde578f937e39
SHA1 21da67c0a01c0eae8989b294d5b1cf647f0a40c2
SHA256 dba47171bca3efa9af816f547f6a3fd0343c551d601c5f7d64d74578976dbe5a
SHA512 4e97542337df768a9c9f563ee8f9d23cec4500c31f74a0b6eb0a98759874745512484b461214a70eef27952d17414030689435f5b616d6b07d859c5e4f581a9b

/data/user/0/com.riverfront8/kl.txt

MD5 3c1999c879c40a2c7f85d101abb0c24f
SHA1 09d068b12ba8c0f0118701ca09da9a3b1aa6438f
SHA256 ec7ea9b6e78fd3b80aea512c7b4dc93cf1395877f1749006f9ce331ecb4a5318
SHA512 1a0537c183cc056a986baae815b626d8735f930f222acf34ab2b47f2518edd829fe4af4c438e1b69ea12690b7a1ab95146bb9a9b768772ed1098d792d145c287

/data/user/0/com.riverfront8/kl.txt

MD5 cc78118fefe95fac7e4faf3aba8a5372
SHA1 1b65dfc726f5e25157cc68642de9bc991d17073e
SHA256 06f4818d57d54f8b9eda655b0fedc7968c4bb95fb47913bb1e6cf32ec384818d
SHA512 ab15c4eb7466ebb1b5542916f4f65a2fce56acb2b9937ac636e60fd3ddfacf2f42951b458be7b36b0117a0c891b002b38d026615b952979de98b147480ffed22

/data/user/0/com.riverfront8/kl.txt

MD5 22c89a32fbb2841dc294c93c91dafe52
SHA1 5ca644feeb09a52444f35e4e8f9511d1df10d228
SHA256 1eddeb5328510c72888d79b4d81f37a1a8f2a61939fd4cfbde08bf8ea6a2247f
SHA512 29c65bccc2304b91eb90a2910cf581d946154dccde3a9c58c17c65319db9eedfc075cea15068d43b800e71e19b6e0c1865b884071bdef3285aa80a171b78b933

/data/user/0/com.riverfront8/kl.txt

MD5 7baa443424162c390a503e4c189a38bd
SHA1 dc29398e50ee553fc46dac4cf37b86b931b7657a
SHA256 d457803e4fe8a7fa2ba6d3ac72139ddcea7cf94b95dc4c36d00b3d6e32968908
SHA512 e2e402cd295643276e9f9a602aa58f53e3021d34c23220967f2da62bc1dd802780bc5a113c43d7f57969061a49a0f54dc775f8859f6b76c6c99ef796203bcccd

/data/user/0/com.riverfront8/kl.txt

MD5 2ce88d1a1239cec78448f0d2a434087a
SHA1 25ac50648b3e88dcfe62eebc9b39984f340511c8
SHA256 e119a393842d44757b903a2a175e01413bf8c42495caf39f96c61e14ec9d952c
SHA512 14e5d9c330ce5825c00955c417164a5ab12f954138760d6598815f99f5c7ab5e0d3e11b5230dc64c8661930567dbb04ca572f765d852d3bc70a0c45971203d5d

/data/user/0/com.riverfront8/kl.txt

MD5 a03d9381c92b33beb58675c995d436c8
SHA1 ebfd7b53ed7653728e56916ce818df3fba806095
SHA256 eb1665af8b591213775cfe470aef0b6dbb317b2408839a39b134375ed9995658
SHA512 4adb3ba94c3a88b8d2f2a9fb1ca95ea919846769d03ce7502fb8210887e13095d759defb98c8a1ddeb6bf6828cb838b65e185c1dc54126d833e658497b0bc284

/data/user/0/com.riverfront8/kl.txt

MD5 dd0d10196e6a74cfecdd863412c57c53
SHA1 d3cc6aca42e3616fa794baa59bbcbdb2d138975a
SHA256 e37c8db41308bfa2300a6b634578a454e65b8e3abe7a4bfbe99c28e7d9eaa4b9
SHA512 63ad3c3dbad593cef04e77886c0c044b38763332a7a55415c8cca37241184863a51f8740e08b3cfbb3d67ad7cb483160d64841f8aa73f5d97864a37b16fc6e0c

/data/user/0/com.riverfront8/kl.txt

MD5 4ff738ed17bfac1846dac02893b062ab
SHA1 e26cf6a5754b663cfd702486f150f1231aa1d876
SHA256 10b659ce9150969ea86a3e74d7a1316e74cb530c86d81532047974bcd1cde664
SHA512 93ccd087c530a20a8ea062ee7d475328714fa34993c6ddf7858070ae37c6023d6cba55f478af62233f7b61d548b1179e6c1bbe4970742b5dc879bfeffcace4ff

/data/user/0/com.riverfront8/.qcom.riverfront8

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

/data/user/0/com.riverfront8/kl.txt

MD5 d493991d5abd76bf2f2a6ba03c89d0e5
SHA1 8b116a143888ce8b711a00cd3fdbb6266a4ad682
SHA256 3b3bc64eaa890dd36fea14c0c67ac5d546c4820c04b1aace53f7735af4d61bad
SHA512 9c3923fcc01f48382601a11a28c0ff23ef6d056c0f87506bcc4d4f186dc02666e9b7e02f81885ddabf3157d0a0b661d9d7a94fc709b605f97f37662ea746d803

/data/user/0/com.riverfront8/kl.txt

MD5 538d4ad9ee3cdf20c78335b257dbce19
SHA1 00c3a02ad16eb721600986979f572ea078d42b5e
SHA256 377174218ea42ab15443e597d8eb7105923f89a84f4fdb0e63dc7605e17e70bb
SHA512 eebd7cefee7a73edc9dc19a7fcc5a53208a68f4a86ae37c52999c31fe6af91ebe65d6e91712cf8672e94b8deace2a128495b3ffaa996cc6ba0e2db66c31d8589

/data/user/0/com.riverfront8/kl.txt

MD5 d493991d5abd76bf2f2a6ba03c89d0e5
SHA1 8b116a143888ce8b711a00cd3fdbb6266a4ad682
SHA256 3b3bc64eaa890dd36fea14c0c67ac5d546c4820c04b1aace53f7735af4d61bad
SHA512 9c3923fcc01f48382601a11a28c0ff23ef6d056c0f87506bcc4d4f186dc02666e9b7e02f81885ddabf3157d0a0b661d9d7a94fc709b605f97f37662ea746d803

/data/user/0/com.riverfront8/kl.txt

MD5 e558da7779859b89e159149962b466ec
SHA1 d29f361c61318fdd484dcf7a9ce25b155153a1f1
SHA256 2a6ea534d7713d893f6b87b43f72f7dae78d69b583a65413d61e3d98f2f172d1
SHA512 a02bc5d2bb60e66246165dec166566759a9d3114c1136397fc7d5c8c97b937840acdca985b1fca6773679fccd43655cfe8d64758a76a482c9416fdff2cbc7ead

/data/user/0/com.riverfront8/kl.txt

MD5 147ace02b0f9da4cd79f2f7a249e5fc8
SHA1 ccc4b96f6839e0111e4771e71cb751dc3f787dac
SHA256 923885eeed68037fe0a47a911598aad868dc7d63982b9a90a41cf5cc4ab9dcf3
SHA512 4b4424eade0bb81446d809b08ee75de142afaf86b4334db86043f0623991bd882b141c89371283fcc36b1a2fa447a5ca607e9a6417d273bebbd9c2c1ebbfc3f1

/data/user/0/com.riverfront8/kl.txt

MD5 b5d6bf05e9a96c941a26d9c2d4f4b68d
SHA1 f46766e6aa4ddbdfde4aac540f67575469a529bd
SHA256 e43eba98ef6328e471873dbe259858e1bb19fadc6a3759ce296dd60a816a3b9c
SHA512 be2436c341a190175bf43ee586d27d702416e2a46de70a01f645042aedf7f06661044e76cc1628d5fcecec866587a784207137673863fb8e5ee48c3f0532090a

/data/user/0/com.riverfront8/kl.txt

MD5 afb4450a78ca459988e8ba175afbad55
SHA1 f522c0ab16e3467f8a300da35a98d48395b7d768
SHA256 d344f8456f6172264c2d2d044bedeeec1622dc83bf7cb0f84aa636d79efbda5e
SHA512 9d26338d97147de0b2952ba2f6b6d54a6395ad449ea2e859126d0cb345c44b3d970a56a7bf6c341283620fa8955f76ab4ff4a00a90f43539df027a7f0ad40052

/data/user/0/com.riverfront8/kl.txt

MD5 7176aff65da887958bda89a0045a0aa2
SHA1 2ae4b68ec62347e0bd637def48c90a57ec34ec99
SHA256 cd1aab2454762dc0b58db12ef8489ad2488d9b38273aa6c1884013112a172b1b
SHA512 963b9377d3a8727a2c1a8fc28a7448ec2220b0fe57e7d0a8c4fdde2d3925cd035ce2a06f33059cf2cc54af5b0ba9dad49e8315fe10afb7babad7fab137bb38cd

/data/user/0/com.riverfront8/kl.txt

MD5 f51a4c7594394171b88d2907299bf487
SHA1 a86b4f73a151e87f4973d3d473f5303319864c54
SHA256 88daeefb811cade7fb8a6c021fc502b2b11e45f1d797c865e38dbcc8969946c4
SHA512 745bce1aaef412961bb5461c79a6e65580684b264474a798aeaa8db1884103f6a573080c876ed1837624b487b0453db18bdda62c0bb6f5ce621276d0af801836

/data/user/0/com.riverfront8/kl.txt

MD5 7176aff65da887958bda89a0045a0aa2
SHA1 2ae4b68ec62347e0bd637def48c90a57ec34ec99
SHA256 cd1aab2454762dc0b58db12ef8489ad2488d9b38273aa6c1884013112a172b1b
SHA512 963b9377d3a8727a2c1a8fc28a7448ec2220b0fe57e7d0a8c4fdde2d3925cd035ce2a06f33059cf2cc54af5b0ba9dad49e8315fe10afb7babad7fab137bb38cd

/data/user/0/com.riverfront8/kl.txt

MD5 115119be87f6bcec3a1f8d19aa40a0bc
SHA1 25fea99ef8dfc5d33bb81deff496ddceb7616182
SHA256 438e230b2a9297d34299b544f30469c1889f1aae20ae1b1b16f05ccfbcf84c19
SHA512 b9e7cf0af306bc323dfc1fefcd8db5850e6b54926d62e98fe4fa279e7a2b17f39fe48ef2e8c70b21b7269e109dd5a56365676ad7d2c111cd6d863c4321c51433

/data/user/0/com.riverfront8/kl.txt

MD5 37509d35daab2f924f73c06177e05242
SHA1 8bbb723e7aa2dfe5b3ccf015a3af05eef5acf8fc
SHA256 f688db7a1b51539ff586cbb64e3e3c29d7a319e6205c0f22df9e9027739af4f5
SHA512 28fcc63882cb612050479a094372062c6e859fe6968621d6cda22a6e01712958a88d636e29c3bc1de3a7efdccdce23a5f91f5eda2233ba7c9875249f35bef68e

/data/user/0/com.riverfront8/kl.txt

MD5 7bc23281063293de06fd47bc39a13a19
SHA1 b7cc599a1f37a65314d7e5b0920ae70ff183086f
SHA256 be3ca0aba5d06f3d94940ac4a15662f04001a00c0d237d0d012851b9ea61d32a
SHA512 2680588e90f4d14eb1356224043344fc4c3c7f526fcb4941b2dad740aea392c9014767b49fe3193396536b323888ffa76e998ebdc443f4096c092f793d46fc62

/data/user/0/com.riverfront8/kl.txt

MD5 562531026b06666bf5eb4ec5e8aa0554
SHA1 2c439ee58cfe2a8d8110fe7dae0cc2ecb2aab88b
SHA256 d1a667fb443c4c437b4a3a427275088afba1162f56e9ce8f464746e807bb4c12
SHA512 eb748bb9e7e829ab50a81d7434745e53436880facdc84919809920523398ce0bc2a2ced3c4bca0a443330dcd9efb84219c51b4817021390576a0686892967e33

/data/user/0/com.riverfront8/kl.txt

MD5 7bc23281063293de06fd47bc39a13a19
SHA1 b7cc599a1f37a65314d7e5b0920ae70ff183086f
SHA256 be3ca0aba5d06f3d94940ac4a15662f04001a00c0d237d0d012851b9ea61d32a
SHA512 2680588e90f4d14eb1356224043344fc4c3c7f526fcb4941b2dad740aea392c9014767b49fe3193396536b323888ffa76e998ebdc443f4096c092f793d46fc62

/data/user/0/com.riverfront8/kl.txt

MD5 6f2f6282e3a7800b8cf28b7001ad310d
SHA1 18ae78665e17f3eb93226d02b78989bd53d4e848
SHA256 4593a94e4af2671e3b3fa4abde4a994ec9affbcf01d84adbe4351baf0166a966
SHA512 c1bef07f28fce36b816e75861b42f23a796c1b6b38418f4d8298eafbae1ed0a8f9cccd59a6ca29086582b8b52a4ead536fa8a3b00855cf1a97a1b28d56c8eff4

/data/user/0/com.riverfront8/kl.txt

MD5 c1b8fbb7aa85b76cd4f7869d173b5299
SHA1 ab89c771766208f63ebb94ddddc81e0f841aaf4a
SHA256 0b3ed61ba254d34a6673202d975f01d4513c73cb930a82ff1b226eb95c81e67f
SHA512 6278b210ef0a6410cccaed6a71b9add38fba235edbaf0590e5eeff7e2d58893e210a9fa65ca27a713fe390688403b678b2c46d1015af7c906142d724adb754f9

/data/user/0/com.riverfront8/kl.txt

MD5 0974984e9ca3477e6dd9fd820d467a76
SHA1 8f3d969259244309825f56f076c0b4dd8ecda63f
SHA256 b9c90fe9f0fd2d11879220c696d382d733ef9b39806adfa2b57987246f0cdc3c
SHA512 a853293b00c76e0444215ba020e015ec42be6da6a5e5b853ae8142a660a0e91593eda62c2ce890fc06e8134d6872a5ee4ce8b09f3b07ba86de21239672290d15

/data/user/0/com.riverfront8/kl.txt

MD5 17ed607fc31610de20a33a2752e09f2d
SHA1 9bd05ddebddbe5f8692a8752ea5b569cb3366398
SHA256 43083744898f37f4efb16283edfe533119a2912ecc6fd2664b8cf4bbb48f9913
SHA512 2a20c61601ccdbbe5f16041973bba66e3971ab8a40b1f6fcb7d8eb6d6e9d6aa50b31c882e7eb165aaf7360737a48aa02cd9e95bdfefc0ae631cfa9429bcb4a30

/data/user/0/com.riverfront8/kl.txt

MD5 72e4321108b0b4dd8e8d5d40a4887dc2
SHA1 7ed0393ce3ed5dde2d166151b4560a6a42363313
SHA256 1bae5d1d35654b7b9cf93b07a32f24067ab1f5fc35094ca11c26289349b77c6a
SHA512 329e29eed06ff8fd19325b8e7d7aa0c02bde956d32b64e4034357d6472b8682af2df3401ae2cbdfb3fe2e06e9809e2ce4ecef57b915653f0dedeaf33d48ede4d

/data/user/0/com.riverfront8/kl.txt

MD5 17ed607fc31610de20a33a2752e09f2d
SHA1 9bd05ddebddbe5f8692a8752ea5b569cb3366398
SHA256 43083744898f37f4efb16283edfe533119a2912ecc6fd2664b8cf4bbb48f9913
SHA512 2a20c61601ccdbbe5f16041973bba66e3971ab8a40b1f6fcb7d8eb6d6e9d6aa50b31c882e7eb165aaf7360737a48aa02cd9e95bdfefc0ae631cfa9429bcb4a30

/data/user/0/com.riverfront8/kl.txt

MD5 fdd2b800aa5c63c3117cedd73daa8d0a
SHA1 f6c4380d3a58e70508811f0b5e9e341bbaf53365
SHA256 3de87562e64a86b67301f98d4a705ece49449cb4003c82610c872c9e4753e464
SHA512 4e728dda7006bac003139ee12c31b6fba47f4289be2cccdf5fc712e6907f1adfd9dfb8872326389d39d12534f0d03f8f6ec21e6c5c9685a9d308be7aa1459cab

/data/user/0/com.riverfront8/kl.txt

MD5 72255af71e034483ef2f64a1e6b357a8
SHA1 51f9dc6784086b9dd3518741d6dfe88bbd508ff4
SHA256 5061364a2da7ce7bbf9ae6b9f0bc5539c0f7c559773e2215800f7b403e18ec4d
SHA512 717b856da21973e624a118ac9d9ba5d3c4c6d2aec4397c0b97ecb1da8aa935a2bdc994becd002e01dd2618612a20be05f35e11c1343676ffc77d7f4d47912d0b

/data/user/0/com.riverfront8/kl.txt

MD5 7634b60755e0d3cd946071dce79ca84f
SHA1 ad83746d3a06e207bdf510d1120f122df031be7e
SHA256 46ce94e33883afe81f6e54347405a6a3797f830eae655a0b8ba35aa653a2778b
SHA512 d23393dbe6b1600af230566a55280d1e973fbbe85bdbc1cccda6e87410b7cd3a39bf719c507fb61c1fa2917fb1522c5846974789154ad97015016b0c903499bf

/data/user/0/com.riverfront8/kl.txt

MD5 7634b60755e0d3cd946071dce79ca84f
SHA1 ad83746d3a06e207bdf510d1120f122df031be7e
SHA256 46ce94e33883afe81f6e54347405a6a3797f830eae655a0b8ba35aa653a2778b
SHA512 d23393dbe6b1600af230566a55280d1e973fbbe85bdbc1cccda6e87410b7cd3a39bf719c507fb61c1fa2917fb1522c5846974789154ad97015016b0c903499bf

/data/user/0/com.riverfront8/kl.txt

MD5 8907626a05e1b0f1d0324afea7a95cd4
SHA1 cb982c49d0982a0f73389c89a5fb87d80a088643
SHA256 6b2cb03b1ad6280a7e353b64f5facfaf9bcc1016585286790bd9169b0d2bd919
SHA512 0d01d79b040491337ea10d6b85a747dc77251344a4cd7220cf4056305ea06d743e43e238ebae81170655713981e67dc6b99c6796331d43609d430d74205991b9

/data/user/0/com.riverfront8/kl.txt

MD5 618a6df8d534801d33bb9df9d40b5ec5
SHA1 a5969a3357429454508294c8a2650e234973ab19
SHA256 26a799f9f84837c911f32167999283d43e0dcf5bec8cd519baae1618ac58fa29
SHA512 9a18d72525ec9fb80d4ac7e4eb0c2a37ab2667d8c8278489cfeb016f7327cd4d29a50fb97fc1447c40b8abd42b337278def3a5c395e932bc35b0e3691efacb81

/data/user/0/com.riverfront8/kl.txt

MD5 8907626a05e1b0f1d0324afea7a95cd4
SHA1 cb982c49d0982a0f73389c89a5fb87d80a088643
SHA256 6b2cb03b1ad6280a7e353b64f5facfaf9bcc1016585286790bd9169b0d2bd919
SHA512 0d01d79b040491337ea10d6b85a747dc77251344a4cd7220cf4056305ea06d743e43e238ebae81170655713981e67dc6b99c6796331d43609d430d74205991b9

/data/user/0/com.riverfront8/kl.txt

MD5 1dfc6a9e8f995cc64b661f47b201b319
SHA1 77f114a21f822f69eed1e0b580bab3b6cc3a771c
SHA256 ca72d233702911fbabbb379df00b57c06b175e7bfba2fa55a3f2ea0831fd536c
SHA512 857e0f918a0ad431e06fa6d6f5457736021030b217fbcb710fef2d23e544fca0663f36da61967c47c761156975c3ff2d53595b82cf5977ab575fbfc66f88ece7

/data/user/0/com.riverfront8/kl.txt

MD5 4ffe40c9283c4a893cb6d4dad1e66111
SHA1 caf3646894d936ccad47343a75ec0e9332ecd222
SHA256 51f20227c28c89003c68a8883491168535b930730a9ed6220d9941473ee3ff48
SHA512 06c05c3dda8e75a82f16e13abab4a79de928736e966d285a2b085e3ba9d0ae71a07a37b8d5997b3a13da9eb67523851fc3bab4dbea92fb70953a08dc730bb422

/data/user/0/com.riverfront8/kl.txt

MD5 4d79afa2334b787b039d566a82be15cd
SHA1 48fb4f0701f1611fb9e714611a95f923350a6810
SHA256 9a31461c729f5aeeb1fd2c7db26e98cbcadd42bbf6b379ef9d175fa1db2c400d
SHA512 c4370ab81fd9c36c4211b0314646424cc51dfc3c6eed2644085d39ce646d66a5d54c6c1fce0f71cd53010e3633182a131a847c08f0372fcfc317ecdaa632ea5f

/data/user/0/com.riverfront8/kl.txt

MD5 3c3ff8b3d13cfb3dfa68324395fa7c44
SHA1 0d94e02344f7827b7f0a5152e8b92efc331ce779
SHA256 c98d94daa82b00acd00dbc51c69f13cd69db26cb4bb467b83aa504c60242428f
SHA512 83b6149a8b4a306636c053d2a796ac32df6075731c9871ee10b1ed0d9b39e0edafd7ffaea526ca2bb606c13c4282e5bef7860eae8fbaa80df7d28df1cfcdf324

/data/user/0/com.riverfront8/kl.txt

MD5 3104f7548441e08ce0a585fe46afba55
SHA1 fea6b71bb7e7e1a6fef9db1ce08e75796bd5a834
SHA256 477c1d18e3381f30d4c4e03fc046a443da669641435a28dd5f8f54cd58c4d84d
SHA512 2b39e4a9bd5a14982fe066af7ecce014e1493b853a817d8f1de5ecf04a1f5d1ad7508651a37b32ed5708f196fc7beabbd83ade877f8f64539ae4a3a23ad93031

/data/user/0/com.riverfront8/kl.txt

MD5 b56b43e268d2025e758f885113cd5622
SHA1 1339f6b49b2969cf79bd97abf15b94503deaa071
SHA256 faa4fb49d0fbfbd9db546ab14b4e10e1996cb6f6ab5d7df5924452de0eb60d23
SHA512 1ee37a05b6ab3f92ac3efd722984f80b1f822438e22d22964834a672bf6b01eab9a55782df6236e3b75c5fe04b21188379aeb45aae9a19f7b38e0aec58ee877d

/data/user/0/com.riverfront8/kl.txt

MD5 c9161e44ffafd00132c4f5c374578a2b
SHA1 da7da2f62109a62e2babc02dcfa97369f4d87282
SHA256 2cf3213f08bcf06af65b5fa189113523cfbf77db2471c3e14e1bf756853b31e4
SHA512 db87c24f488755151b13f956d05585d603526a1d455afa5cea670b0e2f2341762546b1d7c1687b1859a532730e6db650b36121cdf9124e01d9496d9d4c781688

/data/user/0/com.riverfront8/kl.txt

MD5 de8849f14e16842c30c9f72000bd637d
SHA1 a25049f39593d914726149587c40d970f6d7da9e
SHA256 3d7477dad898d51fac78926531cc5f90b15a0ef55f82d22311a6a8c0c27b0b70
SHA512 a7ef149e1399e1fdd0494fa7d799f2a56c256a57a4278ffb066c99e125f7e9aa842dbd656efa68b3f36926ff26e455c43737d2b27747c5fb98d91baa3be2fb31

/data/user/0/com.riverfront8/kl.txt

MD5 122b67748173ddfc7d02770d746d84c8
SHA1 6242f9d0ac1c5cce927798e3053c1abdd7239b00
SHA256 3aedf64b81d3795e3796ea9c303c0d02661f647ca3f059656834645313baf6fd
SHA512 b8f1e88cbc1d0a1acd32fa58c272458bc18c2153f0d552f067567ec768822e1af329c7ead59be0099a1aa6a6d2982c25212ce91d6af6139c6bca39ca337e1820

/data/user/0/com.riverfront8/kl.txt

MD5 e196f9c82ca99b7eef2f94588be42748
SHA1 02aaf7dd01c0afce3cc801fdeb2f051f34ad985f
SHA256 805ea1aad0303e0511458846c95bad2abbffa9b85e78b762d7b2eaab1ac98797
SHA512 567ffbdc4ab582d873e355ba939257eaf8d80fc716a98bd559cd517cb83d15afa4ddbc19bf7edf1d39c46c4175b58b539f639abd8fed8acf440d0b107ab5c4a1

/data/user/0/com.riverfront8/kl.txt

MD5 e171f130c4b91e072f38a7855e9f715a
SHA1 8b66b2a04be7a5663d4c35267f0d116f1860b7da
SHA256 8acc2088197416c8de3df09acba08c1fb97441cc19c72e164b12ffae893cb219
SHA512 47bc0fb1f71bda3795da4405c7c36741b7629693624225a84c179844338954b50d60d817e15e7bbd9377d0ffe9016a0e681ac30e2a807721a6faab31ada59836

/data/user/0/com.riverfront8/kl.txt

MD5 8c32987b62c82b2fc6a6e09f11f79f7e
SHA1 802388bea7f69be079818cdcafa59cfc9b0ed812
SHA256 45841b4d83f6fba801b529d7d5f651a964344ddeacdef3785a1f3c06ebc2dae5
SHA512 602925cfd2d82b3ba568d190e8712408d360308c190a318b37dfbb48c7ba2001d0e9f09e704bfa6f45345b2305c98e7f7908c960a85620311d1326ada59395b5

/data/user/0/com.riverfront8/kl.txt

MD5 3b4969a87e9a9c0458968c0cd288fa87
SHA1 2db51f1e4cd73531bbcaab2659e53cb3633dcf28
SHA256 948755dda95b2ace0dddc4bfba9db6cab1890c4bc43f8546863177a7dabd8ba7
SHA512 ce33f6dace4b65c478468cae8f8da4439ff1c7f1d66f3988a1b73cfa03ed6e5c39cff2f340412998d2a283e0801c60d89f22e2d0f7400cb1d7a9b94669b808c7

/data/user/0/com.riverfront8/kl.txt

MD5 a40320f006da387a00a84f4bb50195a6
SHA1 8f539d4c9729a5436beb6dc78aaa20e85e505fa7
SHA256 21f5d96c562fdb8fdc549f315f283387d8fdef9dc6072c199222013ddd1c8046
SHA512 d4c19051841d177ea371338dcb674962cd68f19154d9401c90735242f30666b17670460ddaf2098cc3e3fb5f39d20c2f784243994ad9dd9c04ebc3c3f2ffbc33

/data/user/0/com.riverfront8/kl.txt

MD5 e144befe7edeca01ecfa6df7637555d7
SHA1 a9aa155ece6a664da7e7f5f073ee3ef2051e490f
SHA256 e158965c347f5ea1c74b491b2b3c18878c067d4a6cce656c3b3d8f1085ee9022
SHA512 50ae7da2ade2aec5d38fed5d7c1c4295678e57caf3867ab403649f1510a970a892ef4e1797e62024be609563f609dc523387f12b74df2b6a2cad424528eedb27

/data/user/0/com.riverfront8/kl.txt

MD5 a40320f006da387a00a84f4bb50195a6
SHA1 8f539d4c9729a5436beb6dc78aaa20e85e505fa7
SHA256 21f5d96c562fdb8fdc549f315f283387d8fdef9dc6072c199222013ddd1c8046
SHA512 d4c19051841d177ea371338dcb674962cd68f19154d9401c90735242f30666b17670460ddaf2098cc3e3fb5f39d20c2f784243994ad9dd9c04ebc3c3f2ffbc33

/data/user/0/com.riverfront8/kl.txt

MD5 b67b0ee331b4f428e80d47de79f116e2
SHA1 bc5ab40f3b7c07268a70702b8ccc4e9acb832523
SHA256 2d52c84c483e970f3f56164113c33e11d95e7e90f4b3648cfe2ef82b62be3b46
SHA512 568be534e414e44188cf10bfa2b279247284ca5c9931bd4a53c1c64886c0c262329a2d063495cc3d45f88bb957fbe4a6cb19484037065c1445ae13b4e9b8ffe0

/data/user/0/com.riverfront8/kl.txt

MD5 2e2092864c03252028ca111953a130fd
SHA1 04827a35ddc6c0c3861b01f5ef7e6073b4fa3e95
SHA256 a3c8c15e2c62d9b4670e598b308f4b5c60fd93e0ee8fe3c2007b7da689c97e12
SHA512 38a2c3e04d7fe5c28f7e69c4f1d06137c2d9fdf37e39cc9fd2e138f821a5c08e2611e625101404750f19b6f08407172a2db1319b103b28eb769ca3b3a89dc39e

/data/user/0/com.riverfront8/kl.txt

MD5 0cdf2f8f7d0821174a4fe26fef03004e
SHA1 80de699191196bd3a028c8c19eebd757e3fe841b
SHA256 d329198e7b947edd9f296c19dfb4b3106cdade53074fcd63899d674599c195e8
SHA512 ae209d4b09dab5d794adb280fa37c2a7fc1435b9bf75c435f87d9e19577c49e64f513bb682dda641823dc31bb4042a21e2d1710358575119e23d9dc61247d2cb

/data/user/0/com.riverfront8/kl.txt

MD5 0cd6744223693a90b3a1a7183dbcecd7
SHA1 9371e85d0a0b6a1356de69f30a27aa2649dcf751
SHA256 4c696e97fba20c1085acfb06f9e21aadc221a5dfa644c3dd337e757f9f42221f
SHA512 656dfa25c241fddb7316e76683f5b83b650e2788e53faf69218066faddf58b3a5a5623d3daf20746833817486e6fd9f340e64a9eae62b521deed40b7d501d621

/data/user/0/com.riverfront8/kl.txt

MD5 dd1311842130581dfd9f4a99a7e5090f
SHA1 2e931703fa8135b9363e154e41c32428bd97e14c
SHA256 f0332619e0306923996cf09038bbd6eb3d18b98ebaf9fbe03f81990ee202f189
SHA512 28f0f72afc1b7a20d2d1c9ab87fd6d1191486b2fa51d49dc84e6d27f2aee3380b6a6bce531f28aca44f6b4b3a5e0493c9a54558bbf8fbfdb8e044b9b4c76db5c

/data/user/0/com.riverfront8/kl.txt

MD5 24f851724b64a715c68d5e46b995be4f
SHA1 925c98bf043baaaad58b25492481e50c1ed714da
SHA256 c9af1f9895e9ed500b85e01ff7a9510f5cccbe308b95316425ec508ceba2b9e1
SHA512 9c9fcc291bf169c6577a0c6b01d7dbe5d3726d0ae115ad0a1b40c28c3cf03648c3b753cb66aa853dba1387465d3a066fce4d7298e85522246dff197d4ec0ccde

/data/user/0/com.riverfront8/kl.txt

MD5 dd1311842130581dfd9f4a99a7e5090f
SHA1 2e931703fa8135b9363e154e41c32428bd97e14c
SHA256 f0332619e0306923996cf09038bbd6eb3d18b98ebaf9fbe03f81990ee202f189
SHA512 28f0f72afc1b7a20d2d1c9ab87fd6d1191486b2fa51d49dc84e6d27f2aee3380b6a6bce531f28aca44f6b4b3a5e0493c9a54558bbf8fbfdb8e044b9b4c76db5c

/data/user/0/com.riverfront8/kl.txt

MD5 cb69b731775771f27513d5933cbda26c
SHA1 bbcd7b248f25da1ec935a960c249d9d1de041a1f
SHA256 4836da5a792b1039578e9e0d852786c0f60afdf31413711424fab52b601f61ac
SHA512 deb5a0d8ae7ffc617cf4e29036c8fa20c699be76cfb84b0e644f56dfb58da7971c50d2e439ee7c3cc38b24c9c8efdc9422f94265c8a545512d3471d1170961e9

/data/user/0/com.riverfront8/kl.txt

MD5 0c7be8b7aaf758acd224c372686973d4
SHA1 3dd6bc989b511aa78dcd31d46714eb3a842cedb6
SHA256 87baf47d1f5287efa2e88a8b4cfb145a34788200f806a5c1f61e764668cb5556
SHA512 72f7c8627e4d66a0214b3e71fd7cb99016d3f198c2281390c7433a5aa363b7b03f90f58653282759083b240dcf068af87a699a6f915aacf533b2f9a40e946593

/data/user/0/com.riverfront8/kl.txt

MD5 de6eb73773246f3e3a32b667cc87c20a
SHA1 7e97bee8385dcb8086336c742c9b400bc0bbb54d
SHA256 1602f3d3fc511a9b3848dc23b938661c61fe451cff7a8b2a44300194dd1f1ae8
SHA512 1eee05ea2a8ebbe6813c9393c33352912babe04f135208799e88b3921259ebd42c4be7293fedc8350ebff4c6d49e06611505f557675f63ea0caac1440a1e65de

/data/user/0/com.riverfront8/kl.txt

MD5 e0aaca6888b0c017aa946ee58bd4051a
SHA1 94aa937afcd104abfabc80143a553367c415962c
SHA256 36a1b43b974c884a321618481f1a724617a1d1fd42c70f3d97e00d31b1fa389b
SHA512 51bacfe273a5df5f42f20540d8d3cb65b7ab8494a0edcdaec293e0cc34806a03bcf577601a0abbfcb47901493751492b6cd7d7421b5a38fa66847d63115f2205

/data/user/0/com.riverfront8/kl.txt

MD5 0ba4cf2244df7ad4d5acf0ef26542ae0
SHA1 859b32848de4670b3d8a5fafef9d3a1dd8cdcd4e
SHA256 a87aba0ccde53aed771f5b948b76f6fe6173495a81f4cc5f2ea37f6832fe20e9
SHA512 dfa7deec3c4afec73908a0c8c973a60456579b5a3adf2dfad0ec544afac4016df701b0d831c1dbc1d357e99c81974d04c9054ad47c03b4dc4e4f2c286ba7cc1e

/data/user/0/com.riverfront8/kl.txt

MD5 e0aaca6888b0c017aa946ee58bd4051a
SHA1 94aa937afcd104abfabc80143a553367c415962c
SHA256 36a1b43b974c884a321618481f1a724617a1d1fd42c70f3d97e00d31b1fa389b
SHA512 51bacfe273a5df5f42f20540d8d3cb65b7ab8494a0edcdaec293e0cc34806a03bcf577601a0abbfcb47901493751492b6cd7d7421b5a38fa66847d63115f2205

/data/user/0/com.riverfront8/kl.txt

MD5 259e6f3dbefcdbc70ad50dfda30dc57b
SHA1 be56922314000c4283e4096081b3cae337f191ca
SHA256 bae4b00d7649cf68beb9de2e2de25a992c1d4c27b35ab8976e2bd7e67408dfeb
SHA512 909dc9329db63471f2f2203095c35ede906df2fa20767588938ea346afa3fddc60ad6623823d0c14db768bdde37d9f2e86ca14938656a5a22f56ff7de2cfa724

/data/user/0/com.riverfront8/kl.txt

MD5 d8c77f99de5adac850259e24cc3bd8c2
SHA1 24fe91c80ebd3581af30d80e7d31ea1e9da298fb
SHA256 1c84cc7ff797f91ac17169c853fb81c7e8f6e8c14fd26a531c9fe8bde11f7b2f
SHA512 8ed6a2bce388e8c3589a53279f63c0fdecd1582fa8f16768f9414c48e4675e0934ef438fb8076aa269b835a58cae882cbd1fffdd5bc287316f5e1f5348135b55

/data/user/0/com.riverfront8/kl.txt

MD5 09163943b29e6379cc923f094949d277
SHA1 17440ef84f88fc15c1b7d18b5abc86bf0e2b3b4d
SHA256 8375a0d1408858f91f3d3a9946129d9d14419dfa2d5a84ae3490a835e71eac07
SHA512 4867da26dc451578bedf70eb345170354bcf24c2ce12436ebfd8c45655eaf9c7d84a074ef7d472e889fafee66974fc708206066678cd3b1723ec8de42004bd2f

/data/user/0/com.riverfront8/kl.txt

MD5 f303715cbf57e4e5991293294810cf13
SHA1 224a77dd37efc0dfa88aed549ee6b4089de67444
SHA256 5d531151c24dcbc2e28582fdc45d7e017c6a723f993260fc6c6f3638e9b275f7
SHA512 99a36640f81b9420df5a85635f4997b71a486db6c114b3954d77efb02f570f308d160d7975733d7bde11bda3ec56a5a385ebd6f060fd906bcc0e48ad27f1b26e

/data/user/0/com.riverfront8/kl.txt

MD5 720d91fb880d38332f7467003513869a
SHA1 ce2e27372e568e7176539684a15536563c95ae3b
SHA256 2e64592b4acc09ec6f52f2db925f5acdd18684b87809e5be56a49a1c31aa2a2a
SHA512 5a0e6eb733b701cc513dd2a71dbad04d864c80c2159540dd7f322390a374c1300c155a1bdeafbe829c89597db69a7b0ffd14c9a3dc692c23262bbc3769042e82

/data/user/0/com.riverfront8/kl.txt

MD5 33fdb53d6c9f5e1328ad251ddb0c48f3
SHA1 dfafbc94ebe56229a166f3996b2de77afa8bce88
SHA256 4a2d8bb0791e552e9d1349ad9625f7e0415029df7d0b74d6761f32e83313f705
SHA512 eedf988b70e2845bf89f3dfeae34c949f114c93c8077c0802be4f30c46bf2cbbff61cf25374f9415f5073ead95d7b7de31748b9a454e5d8563520418599684d8

/data/user/0/com.riverfront8/kl.txt

MD5 720d91fb880d38332f7467003513869a
SHA1 ce2e27372e568e7176539684a15536563c95ae3b
SHA256 2e64592b4acc09ec6f52f2db925f5acdd18684b87809e5be56a49a1c31aa2a2a
SHA512 5a0e6eb733b701cc513dd2a71dbad04d864c80c2159540dd7f322390a374c1300c155a1bdeafbe829c89597db69a7b0ffd14c9a3dc692c23262bbc3769042e82

/data/user/0/com.riverfront8/kl.txt

MD5 f17a9c93c114f6fdf453efd90805ff61
SHA1 a4769a08b327a57bcbf33f259cced50f887cf84a
SHA256 dec86af861fe7ba92ca21e701d18d89bd21b4240f25c89b9893b9f201abf9026
SHA512 513485957c9b2ad59bf25cf90446a2e264d6ea2b3b798ce808d619e0dc21d77d3c9b8bf7421e85f14730142f325d08789834e54674c12d009ba4d22ae47c0454

/data/user/0/com.riverfront8/kl.txt

MD5 077d2c8710e3a637be9cf1265ec88e7b
SHA1 384c431ad17891d1fc81204c6051c2aea65a0f27
SHA256 b7b4edde7cb362752181b597eca75ad8d117b28a9d88c9b2523632e6df8cca48
SHA512 cf35c9a40d0b84d6164a22fdc3fa4225abe3a3977331573e9ddb5f48ed3527eeee7765a568d3d1e53ecd87599f1499cc9c951f3737cc51f257fcd087cdc49ad2

/data/user/0/com.riverfront8/kl.txt

MD5 6be474cab7db9561f4850db775f8be48
SHA1 3887b58d400d1f888ce83f45bd5790f696b32da8
SHA256 ca450b530b9c3fec977195aabd6cd043719efa0d1d1474912215629bfbf04ab0
SHA512 83d8a05534410545dbd257e07430e586a7f7b45ae5845b310c352f2702a5db93df740db2d0810da142435b539577266d8ff3519241e7f85ab9a1b36a794dfa2b

/data/user/0/com.riverfront8/kl.txt

MD5 077d2c8710e3a637be9cf1265ec88e7b
SHA1 384c431ad17891d1fc81204c6051c2aea65a0f27
SHA256 b7b4edde7cb362752181b597eca75ad8d117b28a9d88c9b2523632e6df8cca48
SHA512 cf35c9a40d0b84d6164a22fdc3fa4225abe3a3977331573e9ddb5f48ed3527eeee7765a568d3d1e53ecd87599f1499cc9c951f3737cc51f257fcd087cdc49ad2

/data/user/0/com.riverfront8/kl.txt

MD5 f7a36fea99dffd77db5c0d8f833a8e50
SHA1 6c71bd09ca9793941189adec99d7595f5ac3d1d8
SHA256 265cc5a7904292d92c0cef6ee580898997db909b4726d412d64baae66239c69c
SHA512 8905e4f814dae7297883ce4743fdf1232fe23c3baf3445b853ae6db5ea86eeb5cdc652669fb38f45deb667afe1cde215eebd6bd427691e595632addf48e5f23f

/data/user/0/com.riverfront8/kl.txt

MD5 1c164c5638c265866447125e774d42bf
SHA1 0671825f59d27846b3b01c85f7722a63bd449626
SHA256 d77dedaaa7bfc9e485ef3dd8fb3e1fae5654f99097cabc414975c261ccfa1604
SHA512 5aa7ae390e16207d452ad89fa8bdf72dba12a817f8f67a94bd7444161a3aaf37b39d4ed902618cd66595dd9d253908f5b7a9aa2c3afbecf045714e8b44ad6a97

/data/user/0/com.riverfront8/kl.txt

MD5 08182e3720d48cd2b9530ddbef6ff766
SHA1 655117127739ac60a257f93efcd9302330359eaa
SHA256 c1d0d556f1ff30d0ab82529cb03e4a0890bc5194183544addb5cec0c1182703f
SHA512 5b385825fe4534f468215d4bcc92f9903976160b84d6ae9213213fafc93bbfc50c132c78bae5144f09985481bdd104f15a0d6304f39053a37064145f1b763f43

/data/user/0/com.riverfront8/kl.txt

MD5 d714455f72da6eeeb8f5de2a236e5afa
SHA1 076f8a7f203232e749826a8be89058cecf2b3925
SHA256 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff
SHA512 b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1

/data/user/0/com.riverfront8/kl.txt

MD5 bce59684af954f558bd45d3ede4700e3
SHA1 cc547db443fd438ef9037d871c044b55bffe407b
SHA256 be40c22c66a50f8cbbbfee00aca2178e6f1c1d82f03de8dc5eb315ac54ee6639
SHA512 05cd0201cc89a4a2d87027a38ea00725dc4dda311a1f5fd350da20ed3d6aba5355465bfca88dfe829e0b8b8415dc0b1b393cf5a40ac76a0d40fdfc60da53efd8

/data/user/0/com.riverfront8/kl.txt

MD5 d714455f72da6eeeb8f5de2a236e5afa
SHA1 076f8a7f203232e749826a8be89058cecf2b3925
SHA256 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff
SHA512 b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1

/data/user/0/com.riverfront8/kl.txt

MD5 69228af82fe0a36385b26f3696a5e0c7
SHA1 046f2340bbc51a9753773f9503c382663644f324
SHA256 bc7547cde55fc2982cd096035c254876983cb0fecd4d712c6b5f3f05852ef157
SHA512 c9c5a1aff5202ebbed0713d82da3a57230673c65ce95e089f70f30b91492f3896f81c2b9eed3c3fc997cc4856c619455f5129e703de224081bb6adb7255bc308

/data/user/0/com.riverfront8/kl.txt

MD5 b98fc0155ec71b4fabc50718e293145d
SHA1 1e66e3f8f397785897a809c43e26658f11100fdd
SHA256 a350082d4baf9ae2dce7028e5984055447ace3748dfe771d5c7c5f31b44c90ed
SHA512 33bd66080d1ea96801e0acf37c72aceb734bb244a768b08f80e43be9023ddf60dd26d56850a448c56a6b0ca5372628c6bcc94ccc875b24788db730b8ab2245c8

/data/user/0/com.riverfront8/kl.txt

MD5 f6c48c0005c7c3a684abc132f9e1e23f
SHA1 9488588f79e409dea446232d0a34435e9fc4628a
SHA256 f93138ebc0dd515f330ca1728278088bd32e8391aa4f8a8629426c159b9d07ac
SHA512 6d9237a6f960013326286b6725435869479f8405c50d76c08aa9de53909b4bf1036a1c93820e7b86857e72e6bc714241c3b25ad2e73b947bfd5fb334416b2ca9

/data/user/0/com.riverfront8/kl.txt

MD5 18b0346d27ddc6fb66bd5be9c6df7426
SHA1 ffe332d07ae389abaa523d393bdd3147703a1a7a
SHA256 bc84cea1092158fa06e21d60bba265c5c0634ef9f917ae257f09ab977bbbc9ad
SHA512 ab2daa967d48bc523820dafd3b0e7907ed54de567ddd1c2ec970369b5a9c8a13e7aa56cbed1bd4348d33baba14cedb67c89078212ed46f27c56240041306306b

/data/user/0/com.riverfront8/kl.txt

MD5 d74430c954843fa7980afa33107ad06a
SHA1 a1161178ce755e1ed2cd519aad463946196d8d4f
SHA256 43c8934fcbe7fdcb447d58e227e5f38213466d1afc86dfcc113a291bda7e3a50
SHA512 74704a48bc4f4a565ed07a9342c907478cfa9ab719826c5f9b417bf183e3049be4288b0550bb3eb339c813ef5906532f0dacbb7c2cd7a8f553410429d5474f5e

/data/user/0/com.riverfront8/kl.txt

MD5 2448d5285b98799b804aa25306baf755
SHA1 eec278672bb011c548f9ad9fa02edbf602e37d3c
SHA256 e1756ed7c8ab0a3ab10174b8e72ecbd14256bef7e74326f87f027f76676e7f06
SHA512 7840ba4af633a27686ae560625498a7f402db9adaa35599363c854dcbe271186424942cef38eb813d184b6c073a9024f8dd88d099ccf70dec04b6304b56868b5

/data/user/0/com.riverfront8/kl.txt

MD5 06d60f8c35022d185fac2444ea9eb022
SHA1 4d53d1f41f45babebe8688778b1b09bbd82126d4
SHA256 49a97c2bf94a5eedd63a215a58172c88eabe8f69cbf3ef27262c09c4093233f3
SHA512 a9cfec18de2be9360f1dc425648092280d2b255d3fb7842d7ab1946c26258b3f468e2c86fd9894278435a5942bc66fe1fa6b37bbfa890cfc9b155eaadc90d07a

/data/user/0/com.riverfront8/kl.txt

MD5 7bca7201e2f2d7d980a64f449a39602e
SHA1 ad9cc24c8d0cd011390595fb48e43301a4a125ea
SHA256 a06e4ba1f1a04c57daf02469f55c39e7ed2438b3bb736d15f9ef144ba45db28e
SHA512 ce7ab8b4cf91c8aa629c50fd31b63e12b93c9bc88504198d085f3dbdee5d44d2e8addc92798e4ea41f5327489e73695cf580ced0a71d5fb9a0f20f46a7ddc6f3

/data/user/0/com.riverfront8/kl.txt

MD5 07a8579450d79c3e4c350804c48496ad
SHA1 05d132d511c036cae66bbf883f0bb3396f24fe59
SHA256 e6b915be48d0b0a5c990a14f866745d42d1ba6b8b41b579e496934b3125c895b
SHA512 171d0d3330f913ae82df1e8b5af52257fb75c43f538b1375262523f6c0e3b4070b45b361ddc05ad03e3082dab64a84df9620859038e721126bb8545539a1e6f3

Analysis: behavioral8

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 209cabbaa1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6FA276E-5BEE-11EE-941E-C68ECCB5A471} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525921" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000007c6ab09a9951f8e49b1f8a7c0afc334040177d00f81afc227920ca2188cde61a000000000e8000000002000020000000449d33f4cdd6e00deb11b3098e803920d030bcf7dfb6f0db5931d45572ba1df5200000001c02e8a88a50fe3337298fecc9cba5efc5570e748c1b0b2c8c1bca41da707aad400000005f11824f9c88868e87270deba0b41b94fff85db704bbcb88cdc0399a9d21c4f770ff1f204b3cd4c5dffd90aa0574fbee27c3d188436d652fb5fec4b0f5d1fc6d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000c49babc33d92307a4926fe4ef744a7f96d45f4f05c6b32bed78f28aff2cea9e4000000000e8000000002000020000000483d8b4a2c3bead92ee5e3d728343d02db3da2bd932e8fd546b892fd7e3941622000000085370330e42775b6f426aeaf4057aabd752c80885b50f1896afd7e9e9cf6d7dc40000000a54e54a4c38ac136e487f39eef26fea314dbccd0a78f48700a5b911c3f81db7d371dd055edd8ea5360d98c83cc4db74c56c11bea9f42a3a1027ae86913dc2f75 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b59fbaa1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral9

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

135s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E58571C1-5BEE-11EE-8900-7AF708EF84A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000ff2680d05cb189b9e5f49c64b68352ea445b522400cacda3f75f4bc321b4d472000000000e8000000002000020000000d1f4f73aa08e6db93cfc1de0fb43139b8285b68f5f283a8467e7cd312343fedd90000000b36cd03e85591ab79a77d8c5c2316ce5b8460d620f0fef1c93aa3e8daefd6a2f7f8864a84884470041bc911bc3d27dfd3ca825b2c63a36308a8cde7426df61f7d7dfcd9c272d52442253c8935ba30291e581a1620fdc949b73f41bd60e3ed337baa1f825632e027d6b78464407905654924edb29282c35744ecd7a08f29b0d708e18ba631125dd4bb23052d75db5a5de4000000062815b03aac22c0dca4ee1fa2d5812e65f9a37a42725e0693ec12099c28e5bb21af6d3f173237342d4645decc9ea74f87bcc8aa7fe403d8f4b8fd9fd0c0791ce C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000005c701c6746e6d574efc872fdb9d462151a43fc614bf30090d071e52ac5bc8cce000000000e8000000002000020000000e3f52d7d7d7671de872fbe4e3376673b038d6f8502921ea2acc636bf89257a1a20000000b3e60f3f95679caed25bc1e8375ebe61d4466c2901fa65b588def6dc1b5b6b4840000000950b300ab50ff1c02ea1fbf63545c2d64fc372c7c052a29b47048e450b46242563c57b5873a9954dcc006fae70ee962701240a56b561333e1a95c73675041038 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cbd8bafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA3F0.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA422.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 053f4d9892b8cef5bdf7e6f2b13ef26a
SHA1 0234b1379846313cc956d7410711c07d622f690e
SHA256 22885536769e9efaf6c87dde9c016a3be3c30532733832b98880ffc6fd734bf2
SHA512 636a1d83104bb5a7fd70468cd5ed4c1bc4848880bd812bdd0e8fbd226ca0550c6bf907fff77e372b240d73d39a7fb3dea7d3dcc630a3e62b5a39124a2c30bd87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f5964888bfe74a4bd2374aecba41069
SHA1 c79fbafba073c475f2afa930e610720861c7ef18
SHA256 6313e9aad16e61983665402687cbde1c287540d21dfa46953b958efca2ee4b83
SHA512 8218d82722b4bdd4393e2124c7a76ce54d1954bedd1c4bd548a0005190b97ecc8ca981354d447d308825b4de81f77e45945957dda9ed27ed85315dd7e1c79147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 194123a2c0e049caa3cd27813a497d9e
SHA1 c961cf9ca6478aa7c8410a76dd2cfbbb2089f5cf
SHA256 1e5f5ea24c90578a6d4e3b6ab25784423590990bc406afdf35278ccdcca1ee47
SHA512 9c00b346055849e24e7cb1885cc703fb50b1363d64dd9117b62ac006056c588f84b51896681d584d7b74096701108b360d175a431ee8aac8a2323e6d4f7f5761

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434b1a0c3d816666306ac279f517e58e
SHA1 7cf7c1d15b7fa9451332b2453b3ea87dd032a251
SHA256 ca50809f3da2c413106da5cc7106cb23d757c48c84827b6cb7fc133a7f4dd0b6
SHA512 b96594c9a2a9adfab5873640f9d37c622ccbae8a3709a871af096ca85125a52b6e1df18a1690088bb3ccc369830f4f8b457f73810149678ee96102fdcc4f78f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e89ab6b8166d647bc6fd794af7196de
SHA1 c63b83926b057aa467313841fc753dae9f43f771
SHA256 7fdc187904670dc14d21c13745588c56cbf0b3b95d410d9d7f96116645809ee9
SHA512 bec36b3b4f6451249a53b9a3e4809dfaf278a3ff9a865ad4ca8d51d7b175fd68fc163678c9e434a4827179c1821de5f468cb52cfedd1758f117255a03c94dcaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2009ef009f3b053755b50a0e10b6c4a
SHA1 28e3af18d2bbfc7dd6d7631448fc6b3486ec3efb
SHA256 25ff6b290d5b08a5b40b85d57101de18770279420fc857139a4b36e446ae6ce2
SHA512 f1d64c80ed30cfb91ba616f501ecf2536019559cd77df57373a6bdc568dc50e197ba88d194e6d0c83cabc916c1894d6af333244ad3609cce201edcd455f95c88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a056c5b8b3b1eb41fd0cb9f766b5d52a
SHA1 f915a098666caa1b172b6a41b333822fd1df0a7b
SHA256 bc85a92e5dec9ca0470b58c459301923845063a15ea55d007d6f57b7b83aa276
SHA512 21f1920e007f09a67e715882c2649db0d81e61f796f2276fe2f866d1983350455b74e02fe952962629c62d75dca7443c32cdf869c83cbe844ad709f049fb4c87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fd6bbb20f37bd656c1f99de4ff6d364
SHA1 f2a6b68197a0f403786afefbcd8afd7c0f552ad2
SHA256 da0a5d5b0a954b8c4c459fc481a4861bcf44fd1599c5b3c780d6ec63f5a60a49
SHA512 7dfc188045c5a72a0671973318831ccd106c145848478e601c486a1c107d803cc962857b4152636d54c1d0379f0494f3d8d8ef20301945c096773dc122bf5823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1df8f2198f943f15d697f722fc1e681
SHA1 a3781c9e7c431d8ac6040be9de730708c092e233
SHA256 9e27684b6c83292389a9f5b925a7d3fc2618a714eecaaa0bb3631ed3c35fd07a
SHA512 e7dd6d5cf04808c03607ed776a694409ec9a86605b04d76d5b92e85eb5253deaae87515fa92c787ae9d9a5b99c5471c441d712ec9f5af40ed7809aba532fad0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cee90a77ad42d27d3d23ba078286e5f
SHA1 6413b0f5f33d3c177d19a729c3c8d1999e4587ea
SHA256 bed63e820384be0f5cdc7abf8d0b0f07a27eb6303fe4b25992f4de216c573a08
SHA512 6879033bd8e6f2a235b782de339c20e2d7d5275cbbf6b4e471f227949b249113e44e02bcbf763bd0eeb069222aa6aa8c06e074536357be68f307d2efd6b8bd3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf87a42637a2d8f6d90b90aef17f49d0
SHA1 c84cedd02346a9d88c6dd98d1c38ed20b1ee03c6
SHA256 5766011c6065bcd2d8f2efba2d2cd712e97ba1efe9e1d93656c1e219025a0963
SHA512 f8b4183202f4b0e6d0ddc35c38a641f78550c796f5055b23bfffadd912d9a79675fa8c7fc1116e099c44392bb9667e3a464f4cbb8410e94f535d014842a373e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6798bdcf6b46742d493f9672a262d21c
SHA1 4781294b5b100f78c812f42c2e43742afe4483ef
SHA256 3df8fe8f12bc687841ffee75926e9317df948f2433e2fb0bfb487c2776945945
SHA512 fe06e3c223c2c142e25abb79fa6dc673d962de2fb20f938b67283cc92698aefa817e8d615389d936ad2eab793a51dc74054c29456837f02564a48b88b1c91461

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39aeb0c8ab12dc694b3197849e15b1bb
SHA1 813165bb1b67dac6c1900e0a418c337d092499e1
SHA256 0b3968b4a6ec4ff2ebc100addfd20e756751c840ba155ef71d3dc6736e5709fc
SHA512 7176db3b1c1edc079efaaa2ab801849a13ce6f1cb8489c09b158eebe5e38ca181363d647c9082035f23a0b7abd2ba3b095293301c408ae0bc697c5eb8bd0a9d4

Analysis: behavioral5

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

119s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 254.5.248.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526059" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10af500da2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000b74af784fb5f38f78548959174990c2036283455ff6e04d82b76c30035ed1266000000000e80000000020000200000007ce12637caee17a2177df62744783c124a76ef1d336c2e73be9ed636155ed36650000000ff9dae95fa1c7749acd049d2e39a86d20455517b4a9360a1f2e8ed7a918f1693954ac25d718c5d912e97dfa5c8af374404a5fe9f1844e259fb24bcb1964e2e63ad5a6b4effb97ebd3e091658a0ca380140000000ae5b7bc648b3e39252fec8f7fdb10aae22a5580c19411fab82ab0771e070f74d53ba26edd0f6607eb88a986b8ec0494e9d9fbd4baf16e6cdc3089eb5832f3731 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000000ee22328944d3d4f1be1590bede50221341799214541da6d5a1c596108481b11000000000e8000000002000020000000aa04a841764d8c137cbfd30982d0aa20b70f2c521bd2af49975bec518243e657100000008dd03329d8bc340392ae93e07e1b53f6400000007a6a5b6c9771f8cfa2a26846bbbaa5a9707eb072fa64c0acd81dc823e92db5c6d932d767b43dc2a1dbee63ccacac7aa4df24c919b8bdec8fa197c9de1dafe31b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e63f0da2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000004abc65fcee4dc8194a7929553ea80e8a25ebe50163cc2d6f77d220dd2ad42b90000000000e8000000002000020000000d5c5d82d08e93ea7d04b7568271dd215d70fc3eeac99c85f783cf480296cd20e20000000fdcb1d2c35672527fec127e4cbb70c0bf6d203b8558ce9853f16ec9f397eba4240000000a6a8f45e648bd2b7d9554f939c40f164a9ec71ee4a26c86726764ee2f96361d31129a35874549e4550221c419f13050e5200565b4ea31bfd898edf2f05a9ce66 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E697BECC-5BEE-11EE-83FE-CA4DF275542E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000c682ab8d4c051ec4957d105cdb9d2d7aaeee023edb326050624e97ecc4804182000000000e800000000200002000000086e71a086840585c3c54eb778cd099efa7af4e67e4939fdd14590677812ab1a320000000bca9a7007ce80765deb12bcfcf8294ec3abfdf4b8ea0725c353bdafb4b54622c4000000044ccc9b5c1b0cb187f5b6c25cb70cd62ca54cd993a72ed808f45c54c251c6fa62abe50026f70924110a2dbbdb6b1bbc6406cf0fb8e55fa4a8ea73e37170ef4c4 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 48.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
NL 88.221.24.114:443 www.bing.com tcp
NL 88.221.24.114:443 www.bing.com tcp
US 8.8.8.8:53 114.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5E1C291-5BEE-11EE-8F6B-76BD0C21823E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20adddbafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841101" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000a85176c7b55388d06afeb0bb26790de78a366a71897bca97618e8d0e58bae765000000000e80000000020000200000004457b6a75f75569c1037da2b95fd363a283bea59c1b8922548b1cc43bdb6e70f2000000049b4b329201336ea61b11c40c5c8d565d089c9e58a52c2adf07f28b85007e84b40000000d96b94ad6d34189293ad8aa8d4754399b08a5899ca6a1021cfdf78f7c473d530ac5a3c84ac4556082530823c00c686bb76aee89b462f7131c2f2ef44b2957743 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000332697cdde1a3100988645eecb28e73fc0e56e8a20d87df118cbe2cad588b043000000000e80000000020000200000001d99332bf02b58f4452acd3656fea8ca0231a63d3f8170c71477f53ae48f15199000000009f2812809a0f33c3e63f5394f456c86f9a69b149b4c2df6b4ea95669c3997b359aefff3fc0a68824777f1c6148ed11aa69a196d8ac37705fe6622abe94d5c639a78f47230efa5f4fcc6e9e54af9fb16f7e7ffe01e7077096381eba21ac10801ee97dd839fc767f1ed1ef6eaad3c1155e331ed228d1fdda1e72ed500a52fad4766e5494848845ec656f42ad8c8aff77340000000fd2d84a264413f653ef83b06908c8b7e9cd0c78aa1e4501f99d5e8578dfd6e846cd55e77f35aa074b70591dcf152bbe2dadacf2a9bbb837cffcb816d92ba7977 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4656.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar4678.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Analysis: behavioral11

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000aff036ad1bbca5763ca3a72a3b504fc518bbf186083911afd611e9ab6c60d1a2000000000e8000000002000020000000452903ce94a63e5ba430fe26265a1476442bb7f052ca4ae1024c94f508d78a45200000006b7c6e6426528a52eee694483e208a000858baff84918a4b0fa54e3d97342ae740000000f9ff37fbde516cf7d83a18f1ae7b58da58d3ca990893848d44b18c3a538455d0adbf620a0e645345eb205808399dc8bcce27901154ad3ec8ab0529c8e79204a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E62032F1-5BEE-11EE-8708-DE7401637261} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000cab15f28f06659cdb9c0fca02d8a4d26a31ea67f699d011e6cc46313932752e9000000000e8000000002000020000000089398447df84d4aa9e932456da10a8b6a0cd9e58abb073bccfaf584e22c352b90000000d4a305ede3e81acfc51520661c35f2c15f13b03480cf2afb305b4a7d2ae454950d1347e7eae8bc3726a4133a2edfbd3afc4384f820f9dd5eafecca606db0caa910be452d9ff7f20216d5ddfe326a6767624e79be9d44f6c53b27aed4b55627b746ffa16e3298f773ed8a370538c36e0d8385799563cfa536ee3fdd0c443daf56e304cf75d4dca9cb96a5ecf033c4605740000000d62a6ebb6b9be9dd9117fb60c985940a903f8998b92375534259f1529eff5e399b63ce4167aa5620f6de0dddd8eff67838b274da0110f99a22bbe1f48203bbd6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907bfebafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5F33.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5F94.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Analysis: behavioral20

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527288" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50496ae9a4e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A31965-5BEE-11EE-A4AD-C2C9425C9A59} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000aef15603f02e28df100612788e6b515fbeef0f5b9f45a8cbbe44a71f46aa7802000000000e80000000020000200000009d5ec3a7ce551345c35a556602cb011d99927693db7265ee6d6a5b78f7b07b2520000000496a7f803edf84672f8f3fd7eda40488374bd55ad98064bb8cd66a00c2939a5c4000000050b1714ddb2127e41451ef6fa8f287e2d47824c7ef2136a3fafc71c2d674c48a9ce394f94ae89e0fa0d85dac59fe2ca8051da2770cd6493d7add758947e3ee8b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10357de9a4e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea90000000002000000000010660000000100002000000065f967cf92d453bba04f3208b07bd3fa8bdcbd26e36c39dbd6494c019d75dcb8000000000e80000000020000200000005681271a552bee35379c91fc009e3b5b508b58f4448a1bb2ae5b0d972db11118200000005e2dde10f59ed6ed14de49c992aec8a12a41804b187248e8e913c09ec25d6297400000002358f1ca9472de19ee700ef52307a9d5d55203d27c0f677564f8a3ab0ee67e222db1c16c59b9ad67648191b73877949f75e3f9424724f088c05b639922e38cb8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3664 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.5.248.8.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral15

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

136s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000007ca9ffa8b8502b9bff1deef371f31f419dea261965a8b9eb54f8cad6bee1beb2000000000e80000000020000200000007916cc900d29170f31c0fdda4d0cad5119d37d88a55283abd5c77a532f2e100d90000000766e95bfe615af9548a299a2ab529d21403d88edbd3aab46eea9f5a763169ee68036faa5f005f6af1931dd1df0af7b596a3d08e2284a7c39eefa9d9f1c85254a37e4c76e1a3d9607ee428fe1cd8aff6dc9d14192e94c6564cd505e8155554eff3483d796cc636cd75798fe8e3871252f38e9c9ff227071784b6b776482f685eef4317a9c22f4455d82c4b27a4e103b1e4000000091b4a9f54d7b461d199af35388865237406629c51486dc3f78aff738b35984779c3e16116c03a4b95332d76f0e23f1474edd71c433b77a35b4cdb4932244c862 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bbbabafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000f0befab96e399ec1728d331fdfba25b776ce4c72d0a5ff6030efefa3fd751cb1000000000e8000000002000020000000318d8c071ab55c581b31dcccdcf16f8f649e7b0e77de9200ddecb2b2fa2ebd8520000000300f9b61ce8ccb2c23fa853667634b896907c9dc1e72a4156f22d3ceea556ee4400000003afbab81f411b6161972db2229f69fca3036be14ca2d33138e54dadf3341e9057bb88909a610ea7560973c04c0b7b096b855b2b555edc85452fa839066c77005 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E577B621-5BEE-11EE-A68C-D2B3C10F014B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5228.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar52D7.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d426b22046ec0df912a66d3c8888872
SHA1 c51b6029d4c09860ae2663ead69d4224f328b7fe
SHA256 8b155b52735893fa4cb72597bf5b804cdc4139cecbed1a57d2f80c18e04cc3af
SHA512 f549ba4240afc4fdf978eb9d465690ba97fedd6a392a25bc4ed47019a406c0ed22ecb9676d6d83bfb2b34f02dbcbec2c298da4ef8da3142bc4d5cf2a6981ad68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95502c243b6660f4057d37e6c36a6614
SHA1 bacc86e03a8fe835bd62c29a0633847676e91a53
SHA256 b7e6e528e5bd6b3791c5e1cf7ba3f737b83dfbdde1ca4932c47241fa4fd07e27
SHA512 531d8b2e80248a41d294b67be3b6015d0c1576593ad20a56bd071cec5f1d356d4255d25d6fc973904e615d6a2484ef574aa15a2fb89560422ef4861d85f89a4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea7f072acbb303c11969b86714f93b34
SHA1 98a19b5d93273411d07050b257c6b1b14c45ee2b
SHA256 db554e2b86e4cc5503d9b3f305332667995b42bfa49b20a07ec6c9915c438e43
SHA512 8600bdda8781e971c144d792d2b1d359b89699efe002eeadfed93a41a500d89786d3bc74f50ea0f7702cbd2781ad5c9bc556d49ce786058a554d09f555afa6a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1a5647814956b16f794c472483fe0b6
SHA1 f65f3dbd006ff057398a7df8b31984876338a251
SHA256 c5f28512b371f1c36ff2e0d3e8dd4e36ec8c32f9a7a9304b39ced6b16cafe404
SHA512 3a012e33cb3669a7111488ad47dbf1ad1a454b0ad16239bbb32476726afb11e9a93fed50f1f2e5a9a803725c6c22a9e4b3e2fbbf1b1489790321da0e4899a5d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f05208cba52a66187db3221874e0edf
SHA1 fc52ec24ab1e269b3179b03896e15258503e56e3
SHA256 9f748c1e7781c109a93704de160afe198166fffc1c7d91cc2c53705043ed9df7
SHA512 bee2798e378721ac6481375bae1b38cbc9bf9de940f282c6d79320a9457b2ebb92e6e3631f7ea2b6caa30b6bec06887166c65d1cce5748cca24b5728bd9b7a39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22ec8dd4407b1d7f7a5ac42ca2d343d4
SHA1 c4ed16c208e12a2542b39f9a47adb9fba4083572
SHA256 17a14ea4736f43982091be389cb9175ae1f33c19c9fc293af71dd235b63d21ee
SHA512 6db18303f82af6c7e054c5967ad047b831e3722f54c9689a3796ef812d5cd66e7d0ce769b535d2c7bfcaca88f596fd379fd0a8d78fbab6807ba2867377ef733d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49250392d900ff6475b344686b20fa5f
SHA1 a4aab55be5fd3b9f307b120a1b82c60c1c9c4cff
SHA256 6620c5276fdd5a67015eee8b33b902523174fbd66635d64f38846290e01ef6e9
SHA512 9e930a178d25a06727b2d17f63346c6d2c443af4800131b269aa554b8c2e99ff56eb8d67765a78eeafbe5f027daecb7f1310c952ef6bbf179a68c78f874f74e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1cfd196196f4d0ff2af12c0c73b1b65
SHA1 4ba88e630679fff79601675a302f28c1bf4cf153
SHA256 7546004044a71bfa56093883e72877c06e6e88083248cb94d061defdf86ef8fb
SHA512 61bda7c52b9326727158f255e9f90a9e360cf4de82de253b7265e7c77ca2a246c3c2731d51ee96689c63ef3797d3b0c1214deedce648a79a2764e64ead9476de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ebda97be10b7306110bac4bcc81b621
SHA1 e5072700c918bd24acb148b3387916df38c99916
SHA256 10fbbe0cb3f39ff75c70e6e7619c6a6ccddf9802d18ff3da41ff6bda86c03510
SHA512 c7c654c36f728f46b7ea334211f963954a69f8615bf9439926450fc33377ecd788ed9e4cfb2dfa5cdd96496dceb25332dc563079f0ca32fc176d15905b8cab2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ee110aa0e13b9a661bed38218b910b6
SHA1 fe07985440576571bc10a2d9428ebc2a1f9ec84b
SHA256 0f12d5dedb281036256fa50aa67f51fdbbe70a8882bddfb28c0d97eab10cda23
SHA512 eb33f94b7c002ad57c7de2f58b35399f34ce283bfd07e8f7c3b9a80aee9e91256049c1aaa0ffe6f38c95b5c18a2966f5a2e2a8194acc7e38ec8b9d696098c99b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb917d056701d4389a36085372fcba12
SHA1 cd3f086b006c5ac478cae8b119082d33fe4ff45c
SHA256 bdb37bab7776b78d53168d71a04abcd3579391edfcde2f0a1a30f6d7693e8e67
SHA512 371e425598a85f623ffcd285893a16a7468c85da5a0efe83c99e7bc0e1d4677da54c6acc28be60a5e7d89e270e25487bbd26b4c96808ac37c3e1aa09c66586b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cc03432a6a73d21a1e7e9eec9d61a28
SHA1 60cee1c8a4f8afb41eb7c4fc6325bb3fd25c5170
SHA256 ae960647694c6c0d23f4838152012ec6d60f4b4c8eb704b5a23d98c1fe2325ba
SHA512 446d797e8c15f842a9667660554a65ee72aaccc84454c57a69150696272b23e208a4cc587ec868b91486edc4f3ad09d0e6b44d34402c6317aaf8c45e78080365

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1df743e054a8139571c394965165abc
SHA1 a7281e9794b2881017984b6d341f3718d88d2510
SHA256 01e99dc84bf5ac2a004d9e56b2a2cc0502592e454473ffd6f7781f979efe1a46
SHA512 9d05cafe747d7866abe448613d1b6545655632789b78ce309dca9dd9811820b3738e03ee29236435b16773ccc8de8937d877ff22a757113746e49d0bc0366b15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07e21b9f276fed4245b626de47e361c8
SHA1 73131aeb444c57e1af8f63d8008f5f008e257587
SHA256 2217a3463d4697021742b3737ef0669452e37010b6d06005d65add9d0f53a6b8
SHA512 da117adc51cd168a0525270e49b96ff7bd6f2173a649e22456bc944a7c4763d6cae5c1fe5b05a9468dcaeb3cc76be5f79104e69fa91eb88d6e85d34dcfc1bcc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 275e0734c44ecc4b7565835661712d7c
SHA1 10ca69e69d71263b9a1631b29b970bbd6d734684
SHA256 4cc60533b26be695601d16c9bd8424b2ffa6256c118bdedbc07265ed339b9b83
SHA512 fb1319f4a2486535a12343f0c3f1dd8f1c9a9d964ed8417db2a794b0b7cbdf385b7328929ee97471738d93bb92282cd9fb06b5e4af9275a7e1938ab7d1f13ec5

Analysis: behavioral17

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000075ca18327006aa9aea689b2633285f473fb3e18c72b2735643d52436cfa7caab000000000e8000000002000020000000c2cb5116b0ac02ad19fafed5c51fbe3084ca6b3a731e27e750f8eef430c074dd20000000199c0d3184772dfaae6de97ffbf74c0f6ac158168ead820af8965c92b040b1e040000000970c5e1a4fb0d1d00fd510e92dce13854ae1977d773d19b3de0fa27babda150941508b42ec8580cf5ae887610c2610c98c23531e5e06fe3faaeac2dc3d897f89 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000014272704b551a014381d41af0eaab1c577de9514cb2032e88d126232d5cb56fd000000000e8000000002000020000000eb42c5519a849beed72a6a02bb985202dc5d9dba0f9415a509fcfea5508bf4e5900000007a19187cb88073a4a09f15b56c52eec0b36758390c84213a4360a8a9582794678b3edad3e6ecfcf3a27010ec397c9de82388984bb556524b9bf855ada6523a2d0f428da6ccba1c4b78ce90f82dcb6d5cc5da51b9cc18a0018afb96df8317a9857423bbe5a0f6433fdbe8c6936c1665b64ad4ffb8487816646bf748f50b1574ac6bb75b221bc2a8e10ba93ae50983e55c400000009128147fbbe2edf45efbfe9c0ffd88837062eaab5a54d163de919693ba7e627b75f45abf5f7c6fbcefc60104de90cb5bb2407ebe91ff45fb8b3cba4acaa62f81 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5752DB1-5BEE-11EE-9877-FAEDD45E79E3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90877fbafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4B73.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar4C43.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a92c9c10d63f1283ef13987f8efa3288
SHA1 97f4a1efd5328049b99cd86c0fd936a95c81430f
SHA256 175b403f200bd59e77e2e1c676228c64fb14f4d9fd507d0b5b6b348cae046fd8
SHA512 dd35f6460acc2ba2c13c805af340c84380dbaf3671d9ea5c6d01976167aed5a0c53e930abb627646ca4ee58c6c2f68baf739035a7f11b53cbd84a7769786627f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8b99f0e62c0265cd2cb5f45e6e149a2
SHA1 7f229995548d79ad3991db0fa7c8f11d615e5156
SHA256 c873eec6a748a0b1f691e8cc2115ea099932d0a72cb6992cb8addd2cd0949593
SHA512 0aa4847f76e251dffd241954b081af11f6589e1766174ca27527554447ae2c1f59e624c6a6496881f53226be3f4cc9aeb1dffdc647c35ffff62a20c2459cd46e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e57d290d9fb4334c8aceae3c19645f16
SHA1 a2d3d85182869227de95284ef1ebce37bffd631a
SHA256 d0717d104e0d9a08443c84ab3c939eb9e14adde0adfb38da84c6add02f372bea
SHA512 56038d83d18a97752d238d62112ae6b06dae15ff0d8625135e71b7da89c793d35183b9ee123e40cd59e3b35b405a0dea824074c3b3050f348f82def036e79b22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7baf9cf7b073fa4903e2c4c7a8cb457b
SHA1 031b346089ecb9ee278790a2844111cf02b91531
SHA256 ff4d24aa4c0a561f79c9b066d5ce6a9450f8cd6168934eb2aab08b748ba6655f
SHA512 7d6f61bb001c8501e26fe649e6ee47be9aaa600562b65d8bbe87ffe9325c38f96ba79058062ccfdf54b3b78cbdf684079dd873ff3032a617fb9b0deac764c3f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d620a0331cc29cd798925ee0076a53e8
SHA1 2632c0ebaa69510da93002c945f97db331b7b73e
SHA256 4bdcea56ce2e82f792dbed385fb48a17c102595d2a9f5b8703f296567bf278ac
SHA512 77c7dcaaa78f2106c8bf84e91772b582d94f6afe17d6b4dd7b64fce476526b8f9a4aaa976af325250109a97698040cd3cd6009c47a7c3a6d4110f4c79de8c379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 581c297e307668b29455355014fc5cad
SHA1 fc51668853a31bb0d8d785d707839cde230d2c0f
SHA256 5b119037169db2a0f67ecc1956d7865c4f120b763832fc82295778dc94e2619e
SHA512 137489909a0365ebe1053e146f1a231745d5c2bbad1b1c4a87e2c767760edf1a9796a2f1d6962f1236b322ddc745b425c7a0a24142f873b27dcb89aad07ec7c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67a2bd181dfa793ee642aa712a0b6e25
SHA1 b56af83c1e5eb55b204a13cc8d3b311347e94b77
SHA256 975af974ac402de3f6e34398e16eed183eda2981810ddebad58d0d77e706f8b0
SHA512 64955ab32cc6b6a9d087e7d610a8a6a431f10fe3eebb614d7ca69efca47c2b8dd0011927154e91ef7497dae09fb39dc8e33b822b19d00ba73bdf1e1d6b7fb3d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 807669c93e853ccc152d8ae3980144d0
SHA1 7e09bacf57a6d5644bbbe2d060db4071787e44f7
SHA256 c33eb96d5d5ac6d6241f03b791894d8df8f8a6c3f8f46286811a92a8a5f6cc50
SHA512 7c4e35c0b91fcdce285deb25a5a92836b52b03c12ad4b3f928031073b3eb166455c76ab841516abe4234bf660f492a1772c2f12efab7f0496d9a17e104ac1128

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e6009b40754b97fb75d5176f18f762d
SHA1 afe3e878b0666176caf58d6d912ffb06aef05ec2
SHA256 217e09758ff5bc33e6ad2aedacaae3da87c06eb4ca5b009453f0ead762282369
SHA512 5790cd488b1b59caa1acbe78c46b4100f79f47c3f588ea67dd485ebe4a9c6afaa5a2b15de91d4e762bd810a7966f220d0bd22586521c45a166b11f225c7b9526

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4def47344fd9bcee8518ccc380b03ec
SHA1 684730c65fd6d6f4982a5fa8c9c4bf0991136de2
SHA256 6cc799f1b8efe318f7db88f034529c4aa8f2bebd1efdd282d32bbd8cb16cbab7
SHA512 d1efc3af9791a7c9a3fcb9824f0ea4e8ec09d6b5e69ac341c81cb951d9b32fc98b355b2a905d4955be3b47e5635912e81c02477ea014015609d95ddf6f4f4f47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efdd0cfc50a8100578cccaa3cf8cc8be
SHA1 5cc2251b6a0f2c06b50c560da0bb52ac61f5c242
SHA256 7d20b288b16182b52f1ceb4d08a820561f6164f20424156a2713aef61d43822d
SHA512 60ac1bf4932ed6aa83b0078b0b4f4df9df63691b86676ea8a095e18ee7c4acdaae3048279f7e843a0129c3a0655e10a6338e0522e1bd8fa430b36260c721e63e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a89a015fc1ed16088339178600cb2a4d
SHA1 ae4a6dd4c1bdbe9c3142b15d22b81198e7236fee
SHA256 0a450169c0a7f370956d899a7eb081c85bb2736c5eaa4d2ee908bff77da1562c
SHA512 3a300659eefaa0e48453d98e4ea7615701ddef2aacb49cfee95ea5159ca5db750d70f1219dfc90a43be7009195b1bd1eca87c4e20de1ce8b9f49c572bc49f0df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04f79e3de1e165aca803bc387d8cad79
SHA1 e8b6fd65b8dc281a3aa8ebe01edeaf83f13523fe
SHA256 cc776b7a0f215867f62cf291024c4179910aaee90207eca0c139d611e1a1bfbb
SHA512 26ba6c344e13fdaaf3a683f48068f21269e7e771932da791b013b9adc71c76447f83ff3332802cfcaca41b8d8e4d4341f52f702a912af4e9482b8b0f1d6e6c67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a27412983f0fb84c2f13dd48ec25a1b3
SHA1 6929ac6a0b0f3882024049aae86cbfde0dcc9bc0
SHA256 e28a1d03ca977bdac51fb3a2b2e8c82b96d8e4fb36ca46f30faf3a5fee9c3277
SHA512 ef7e436a0e02e9a6900620604d40c1c592b2c4d50a9bd96e73e90f63f6ab1b35730c2166a3f8a65b70576227435c81271999921ef2eb595f7cef80b5ebafe84a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e817e7683b2d0347c0cf2ed4dfdc391
SHA1 9b66171964a7bab833c0ac9f0f6b69352ce55ff3
SHA256 a9d05f60b2b84779cb8f1d4caef38e8d0c8eb17c9917bdf59f7757af112a6313
SHA512 8da94c80f223d13f6c115c13b7e92d3651358b1ce7771755259b2075d863e9926b161c08c5c837bb442c79591ce839cb2690f8b7811506433f5fe6d67e8d6f3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40a72a5c3864b3fbfd952fe9bc2c6f68
SHA1 38ef21fb16f68dfd84166e75a9e7d1981713bde0
SHA256 4a326e9a38666f41d084f17c28a69ec03234071e0d3119df5b3c573f0c7ad478
SHA512 3c3f47e857a22b8efa793c2271b798b2440b0a4e23906cf01801cb9cf6f7aee6bd4eedd747567477bcfac5bbd5909ec8e69b6ca0dd8e858f6e913942db4a0c29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19d32fd156d7c50cba5a3febaeff1291
SHA1 53e8e80240d5884e0ad93e007b7c3e917fff2a50
SHA256 9ed2904127615865b462144edecdea8ba53a3e3c52b233df9996bf270cd0b800
SHA512 c298b165cc936b6908ddbfc09cda82aa63b1b0a39a513601dfd49bea32cf55ce5b1e26ab479bef99bf4c95e8a42c18ccb064b71de5fa297e6ede3b605e17425e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4443cf700265926acf86fe1fd9e83493
SHA1 1b2392466c23594924e7f3b8d51691a41776dfe6
SHA256 adcc8d68df90a8c6e9d4e5e04baff7d36759bde3104d842adb591823f927ccf6
SHA512 2e0920cba88949951ac00a9b7ecc3577e203abae755b17780d58d4845794d832d7c0b34a61df538faa239f98ff47210c67a0c49bc69b67bd8e808bf28292e970

Analysis: behavioral31

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5FE0CC1-5BEE-11EE-BB58-5EF5C936A496} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000c8dd3473039503d49e67881eb67669c6b090a44537d81ca43172a8cdcd8ce1ce000000000e800000000200002000000008db69c9c4701753362f28dfc0a6670480a4a2c8d24ed771c230d8a8cb1fa7ee20000000c0b43ec24f28d2da4a4dcf11ff409cee3d9c39952e1e62b9c33cd7b6c256094d40000000eb2a49398b7865d55ccdb4ea961e89627a0aaa0013fcaf13869215bed0d1664d79a4dbac4bafd8779a64a2ec19c24dde60866d30a8b0695c4deff4ab096ec1aa C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841084" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02e48bbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000527ea681d55585ae2c2a9ee6c75de7e24a0ef4836279e7c941a7d518320abc22000000000e800000000200002000000073b1d943741845a3bb83e1b30f51613286fb6f3f069e7de4acc4b7d5f77b263a900000004b4ec56716b9c89ba70eef4c8b4a2ee80aa632eedcca45f131252a4d4d79a6320541f5debfad8694eeb292afaed33dfcb5f7436e2357ff47a8c69a511be20d7bdc38054cd364f3923d983c5398d81611c4b8285e9635f5335bcf3fa16f50e1f847cafd8d53e355657c1a84480571650b26a7a44b34dc2150b3f1633d03482361c3f20fb6d5a3da0c12e1fb719724c6f64000000070397e74e6004bab6da7afa6f2570cc89bb3f6aec006cc4044fb6d521e2fff4a92d16a66c791863eaa96134f955c1eff38c53a233a50751119e8d297bf07847f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab546A.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar54AB.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35946e380c662835ea75610bf09688ac
SHA1 b8d2b602979347af4e559b0e7f9ae9da30369001
SHA256 cbd6a59c2763f417a7ed322efee9113f2a88acad533c8e1f91cceaff36368438
SHA512 864f80767ccc0451f9786fbf05a3b726f442da54dcae02bb07bd685da320d58b57178be1f401f4e40080f768f5864d8915ea5dd4cf80e4460319851b16fcc923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01b5578d6831cc9521196b89712b9fd3
SHA1 8113b2bb4f35deae0bd58a9b14224ece3ede5853
SHA256 726dc58393e486f0ba271a7bd4d0b7a931c9c8dd0d159fde78a53c76659bc0ae
SHA512 6d5b1f734794e8dc28f1a6bb7141a029b9534cc3f4ed7364591e41d54a4bc7162437ec7d25a0c0566467baa7783d6c14f2c087063cbf5c6fcff62ebc4e507291

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bc7ca9d09ef64299d15052634da502c
SHA1 812d4c4b5fe40483dab5a40bfd7bf45bfe08913c
SHA256 99d28aab5b276b9a469a522c957015f37b4e0c2c8876a6e8d2fb400325f49542
SHA512 6e9d300b0c688c29a980e19e739ec8697082c8d42ded0a77064296d1e3ffe7228aa6923546ee4a3f91c2dde5001c2a8e251726f635e63638926bd973d8ac0eb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e8eccc38e32453d66d7b1df65e27d7b
SHA1 ac19f32deed5bf6895e024cfcd31242c5aa435b4
SHA256 a0e33547e9044d964bb2f9b475b234d537168cbc0c941cc3472758c1a5ba40f7
SHA512 62d03f33a49ded2cae48bbd50917ad76c2f6ff4ec67ba1f57eef64881f5d0dbad36bf44bc2d2c4ec64a5e2f9228ea944b1f37c71c0233798ef9bd67ed5837f8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd1a1a5e098900b1d7f5083510948641
SHA1 3e682c635ff2ad60069853efa670900db4cb86cd
SHA256 7ee04acfaf746126fdaaef3380f9fdde1bcfe8917b0d0eb44a0e2f5bd1046b15
SHA512 fc918265a978cae03561d36e0f25548a9f09fe308ff965b9afbf63cb371f418daf0d3100c17b0a196cbecf53a7481c2b1b7c4fa89a1d6e2b04b20b807f467d80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3884ef764cdeeb39fb3e481de62e5dce
SHA1 5e996e3c705aea29e602bdc059753b2fd4a06b0b
SHA256 a0bbf07fc5e166c0366da60ea3080c2709ef2edd010a0939b4f768d92799e81a
SHA512 269c70aa38500b69b53e8915d71c719727936f59331364dbfdad398f3ddd5b0ac39401909959c326e74fb868ddedfdd394a5d6a41e95f10bd569eb13f1afda56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 250d248ddb9bd2f4d5e34e498b911a0c
SHA1 965d8c7df89c328035eb37a93b74f7fcb42fb939
SHA256 59eded0fdb2e7cf5088b52384795a7a35aeb15f37754e8798fe1536dfac0a618
SHA512 3444951f7de571527d4ceca530fbd1040a9ff31badbd433be0a6ba06168e93d7df1c81ddbbcefb13d0f35a46214deb40b7d9ab955307eccfeaea2920f76a11cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c4a0787e7968f7553cf9cee6c9f9848
SHA1 7d51167cabf111117392716e5af414798581853c
SHA256 895bf14d9412c1ca71d1b6aa4671238da6e62d1d78a26d352141200e9c86bde1
SHA512 58d81812f5db2c496941e05e36a00d918cfae3e65627cf9f1aba56842eb83558ec7b2acdd80c7db7c8fda7c11baa6163520d01cdec51d711228748f29e8b61f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24f226b6e5c746cead8361ec4e0f8362
SHA1 472696fac2699416af781d2aaa0f96817612fd99
SHA256 c062e14e10bb86fb669a5b621922bb140c5a91aa03ea88cdd4cdac1a03eb541c
SHA512 6be35330bac60b8c471b200010dd40af357ce100af1cf6921f0c2f62e451d5f79c87275f4b72878d59ce127219ad3cf89764e255d06b0bb5c0736c0e1a706827

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bded94acf12b71d48dd0acc5afbc0d18
SHA1 2efd6ecd472bbbdaa48b9aa53e550ffef919bce6
SHA256 584189d1f0e14a1b2805010f22c11df323478796a87e3ba24855443a0cc7597d
SHA512 f85b9b4b9b719d9874dd01c8a4b6711207554b5986a67892f8d1727d0a0120abbfd7183f6709b32d9cab55fd31c72abb58bb9789fbb6e59aefb7f4d8772255c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ecab3d3f9ac5c00f38804742201de5b
SHA1 1a4405381c3339e417288079f5aff1b643663300
SHA256 7c9c602c6999e8ba4a4f23072c7a44518cb8b697d8e454bf56b379fd64b630c8
SHA512 90fe34fc9f2b81e706465e867ef77a1f3b459ea3769f69c1e099c6dc8f7f73ad6536dd856b0aecf625b6751899f785ab64af4023422271401d0935be2ff0d76b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e825a0c6f530673d1c0c0b005dd80435
SHA1 3464d79b003b8935080055477c521667f0b12253
SHA256 50592d3d05bdc51f66056756612677ede3bbe053d67641c513d9cd64e7ad53d0
SHA512 5752e4adda545e15800ffca044345d15a128950e53df9df42499633100a65348567a9c7f223a1f58186fe6e42fe66fe80eda95c2fcf5d7838ed1a5aa548ae3f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3da5cddffd362d568589fc4e0658fe57
SHA1 acce305c157b675b54c34396493ad6a2a955e471
SHA256 b5649c3643441d7c791b54ad2a2a8c310caacf922827efe1cb2ae4a53e095fe9
SHA512 71348f49f4d8451556e4bc3373650e2b831a837d174fdc6ba3529bf16a0594e2bca5a5372995ca02990286359a74be09ffced16f3b7bfaae6519c8edc9e9238b

Analysis: behavioral4

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e031df79a9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E70F0518-5BEE-11EE-9784-FEEDB4A4667E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef5000000000200000000001066000000010000200000000b9e3bbc7e09171326d6a4fe8d5d01bbccc0fe71688aa0071542f06af476780d000000000e8000000002000020000000c6621b4d9f860a07e9974b00b51bd7cba89b3b4e953effaeccc5b3a2d436b60f200000006e9c46cef7dfc66e712d69f75d07d4ce18a8907066b99745bbfedd2491d0d3ff400000000c610188f80720e511f545a47d02dba8c7ec752d07e1ec6d32cd5fce98b96abd0a6de6d1171196cc9d53271215807d334ac469d9b8f4312bfddf23983a11f7da C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000b7d1e30b07f4ae114b6d1ed94a7dd5ea3a0f0a0afeb57b4e5a125b6642862c0e000000000e8000000002000020000000d543dbebdcf1316c2087a62b99566d97289e06744677aec045a508b0c97bbcbc20000000b81fd77834c6ea1a4b9aed42c825fd2b90eecbccbb14a3e3419402b4150871b040000000a3f184fd60d272df7068158ad793135395dec68cfce6096534ec0be721238d6e78e688dc1355ed34a3606fcec07cafefcd289203f18bbec875a42cb53c142c30 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3038c079a9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529248" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 32.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral10

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

121s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6F545AB-5BEE-11EE-83FE-EED69A4A1DC8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000da30296d7c6010205d8a32f2db474919be4dc716371d84fcb4c447f490b7bdc4000000000e8000000002000020000000e80c91facdc7db33e072bb471558d9823f9679240098794df4ba4848a3059df2200000001cc620aa6bedefc74b03a569e797712ca8f8a93c9c88192445943f8d8823341b4000000077b23d0c9d2ebe8bf9c85501ca389606de76e562e2bdc856ff612a3bb02e4b3b929583735615ab8cb349f8032bd6746097e456ce0f5fd0b7394a00c0a88154cc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000e0f82c754d5fb7c5d94f07182081ba8e9dd34f308a4744893b20fe9aff74eebc000000000e80000000020000200000001129ac3f9cbeba46fa025885f33a0eb910b51dbcf184914286a3c5aafe6e5fbb200000006c74ae83cacdd5142a35fd104edc1031b09faa6fb34c4cd8fe249f7ac4038cb84000000023c94a38d045d8ad8d2e2718d7a229b0ffbd864b0a3fa9d0e57d726fc3b2e833ec77740e80f208aed47cb7ff8d7080c8ed990aae18ff826e949ef90cbd6b3eb2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f0000000002000000000010660000000100002000000058d82b68fc932d05071be1530f2cd88a0fca3e5e65054313ab663b0d423ab29f000000000e8000000002000020000000562b5f977fb577f863a4b3e03b123813e9eb636fae31c976e5a204df8ba4d419100000007e47987b4dc3bbcc90e895775c73224740000000cd7dd00d3bb55d19f39840a3f556f210d861571736a5623aa5db667f7c0bb112050366cc90a19f883cff6fa15ebf01ce54e0da6bdf3cdffaefa348c8789831cb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526081" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c9fb19a2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000003f44e127115cfd01dd1c892186163a40838604fce58ebefaffee678864985c3f000000000e80000000020000200000005adaa4c6e16d3dc53ee30fa0f2649783253f1e393da26af19b6d1a0f531d0130500000004e5bb981a08b32fa2a1e1ffebca96f3973a0826e9b1898bb8644e00b3951329ec5a0921ae0629001594bfeb597a5cf4635b7f2800595fa5af92d7ba31bb831d1364d44fe6d4452234825adccfa8779034000000040e52417ff2b65d35a5a7d4310c1a73a9fea8c00b6840a2d7d60bdada3c44edb8ee2989bcb8849789d2913fbeff10104e4f70ca64a4665aa43d903446edee78d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b50e1aa2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 88.221.24.114:443 www.bing.com tcp
NL 88.221.24.114:443 www.bing.com tcp
US 8.8.8.8:53 114.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral13

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dfe6bbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E719ECA1-5BEE-11EE-AB7A-7EFDAE50F694} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000078784cc16c3be0f459bcbc689694033f0aaf13c0ddbcf7dadb9401afee9f3c3f000000000e8000000002000020000000cf1c62f3746912719bbfe1b53413f2df16ac182729faf6eb3e7a3f879f18ef3a20000000b0956be8ec6d07aeeca02fddc24cc44733534d82c4a447226eb63d243240d7394000000057e6992589963d346d778b09513edc49819b0966b78ec7c9e80c5e9e026ed3ce73d051f4d5b2f41719f91da5c0f717efe94d211b8a3ba0b7ed0fb6ae66078e6c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000209df6923313c516707df813137eff50a5346339ec34536698459ab6c066bdc5000000000e80000000020000200000006dda03d55ca8200c9c62183dd75becc3bb0cafbd4921e3c1dfabd01cd3dbd1b590000000485a4e39afad32769ec813a46c81b517a9bdad5fe068b8f399d2dc98a9fd4a56af8907f1bf74881a3b6b405d4560cdcc4540b22c57d8f68d9fb60efc33cd22361339368833fed618b528bbe7a68c7cb6e00f0a79a1a162885bd17d4c0d6aff9ab554b47f1256318d41e7e845fba9ed1195f9619d749e9730cfa41773a129b00b0bfb507c7f16d866a90963e97f2aeebb40000000e082f63a896cb2b0630e2474fad79f9cac99a4ee91251a022849950fbd045e72fd9e1157d7394fbaf141ce553495353ded61f2b2969fd7ff5ae88cd463e833ee C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab81C0.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar81F2.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1ecb3caf3d931ba5590b6f752085e28
SHA1 6b125fa0f6b63f905847c9a68c6cf53670311066
SHA256 2f1464666efbfb3eb24380437621cb4943bbb09178868d60f6f8d8c4ace86bf7
SHA512 207496dd4aca5b325fd844e678b77824b1cf36093915fe7d46bbdb99931918c0dedb692b238ada7d39fbc78aabc8361617dd9e12e3e8c83e3692f67bd1fe266a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f79489704268f1f84772c9d3ce699f70
SHA1 f64ad5543cf384d2715b1c186bbe8f2d9431ad87
SHA256 d48e44f5a3ad840352c32d110b451ceb33fd519ba91a9271b21eea437407c6fb
SHA512 03123f297ff79be33d408f20e50e92179ceddfa4e3485c346f5174d9fe1811cbe04f72edb55c5a0432d14f6e42f085773f3a916474106f473d03d818362f569c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e30f543ba8dc5ac9027a4d571e6c894a
SHA1 4e4276c678d13730bb5ec31246333da39495eaae
SHA256 5b0976e98eff870e5298d08164fa47b45cf4526851a71e69b7a859cf335cc117
SHA512 019c3b2cd7a60c1f6f538957411a144cea211c3b48a7d4f47b36d7caa7e4f399cb2976b457a9e202c9f41cd101cc248eabc70e2f8521d61d0ee3de0a5b81c0e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d87539d91ef3e05e548632c89a3bd92a
SHA1 d731cae34cc72201694fbf8a6cce54877610fe3d
SHA256 62a79f1e876a30cdc1c53c975f69e14f59850014f0278b692ee72b038f0e8bf5
SHA512 b020de97a3ea39ed4e9b457f809c0c2ff2ccac498e2f69cdbe2daf801a119d09a107b1410d9a887a1ed427a829a885e9154daaf698d067e77a94c5dab1410938

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 990aaafdce38ed56718f01ae7b148851
SHA1 25ffa44015f2bdf81784566e7344815f1014292b
SHA256 1f7db71c0183dc3a54436674bd6e54f86ff21da5048a717152c723f58a1ca259
SHA512 2c7c9f487ba2e05e2434e02cf718e53e0e65c8239c05e0a4364da66341d3271a12c79236cf5362ddd0968a00cb7ef55dc483452b7fe9a814185c4b060b01f235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecfa2393126742a39bebb3397c090b8a
SHA1 a615b234c9ed3212e00b8706a46ed1dd433829de
SHA256 3bfc27db74295e4c3c3998fdf9a6d022cb8037838b6ac2514f2c49c9eced0021
SHA512 dfc3a33c6669fcbfd8082587f665dab41b8fd75bfffed3f109688c3398c23b99e9bd72f1aa95893bc3bce5bfe5090d168d12bd99d4b6e970c927cb00af94fc0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65e9cb6dba5d2b59be1730852b9a9f84
SHA1 fc920e99e3543baecda32473d25c22f96d742cf9
SHA256 831c45f2aa9217337062e87cda984fa8ff359456e76f5e6f143524e963a7e22f
SHA512 08cf530b5c00b65957c8e03a5f5392876fd4c387f494b1285b4a2f55a30477fa508588716f53286f0d580f43763596f9f418f93f1a97ac037daaf295312b9434

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ac03d23cdeb6ccb27673f5a14b3f462
SHA1 98e833c6632efeeb0c2269ee50df7b94b34d057d
SHA256 49f5013e06175977caa1a91ae88cfecf102c73067b622d1eaae9ee481aefcf9f
SHA512 2ad69deb62a1938dc30dcf7915e90514e44ea27eb31586edcd529b4f7e52e2a78ce822528666eb441330974d903627b0efb0c12bd732c19edb49806d8bb968f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92272e31f8b4ea8993f2816adf52c313
SHA1 f85e411f54a80fcd1d87adead96da525b4bb337e
SHA256 8b79c2e1ec05af359e49aa7cea6c27f47620895aad7832b5c8d2722aeb962001
SHA512 adfef90a23d7f2d36b6f60c4ec565b75c215632bcea1b87d868cb4f928176d5d5cf41d331c4d43bc9d99443a14da2551f59ce5cc0b56ed4de8b26353e0abd5eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a089403c6f28197522a320a3d4a8a07
SHA1 9c63c27192acd7d9212e49b1a253bd693aa91f0e
SHA256 fa87a5c89ef631494f0303ad51e029396a142807e444c139b26b183aa277b79c
SHA512 dc667eaae751aafb1203eab84e13b2b484dc2bda07f734721aa16b7cda955b9cbe6855b007739170d76d37f9736e4bcd81515b22237cec63cbd869d1d35fd8b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67110d1b2752f690fa67c5aa3ace1f34
SHA1 7fabb74a84eb514b4c86afb5735a36e483b635b5
SHA256 1b4246dc601b24199c5caeeba3fd1b921c4724519961bca5d55b0caa50f3eaea
SHA512 4262948a5618fbbdef7ad58cd0016a6de1d500e40e280eb373106e29f959fa12b8aedf1783e8c49dec69448460425bc1aa59521bd725e71053626d827209bcf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2357320e7a0799cee934585cb9f22fc
SHA1 cd1c988b71a2bacf6df919f0118da1cefa40a87f
SHA256 e4100c8772448688469d03d1f57e051209b9d8d9d5b970c7eb0ac11f5ce84b92
SHA512 e0070c48dbb3c47488bab80c09c9c17b79760c14c6c5f52f1f9b8e54a8bb23a94f74456442cd7034696a368f9545adc416ad73e94596b0cd8749eabd9ed28ac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c7f7ca514cb784f0c09735b26e8d1f7
SHA1 2bf8a6ad77710b09a57d0f7db5124a3e75f6ab6c
SHA256 96aced36a850ee8bf2679afaba4d7c61a25d5265677475c581047a5f1707f90a
SHA512 5666bc69c51eb3f418a2356fb47b2a486358e45582ab200f70f2e5d22660a09796229a457578546e02abbd25b50e7a3d721d3d16434b07de47061609326e013a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcac1e0cfb9a711bdb2644c1c9e03a3c
SHA1 988620652e282772f2a1f43edaedfda80c49cde5
SHA256 741a5c806385b6f64296deefbd6518c5d0a9e2e8089081aaeefd799dbcc9e195
SHA512 ea10bae3c96271f97e7980417e8b996d612c45079e8311d56079b4888f502975de469ecc56feef56d3f443fd1b1a9cb9e3c728e2672f0cdf6806bb4851458c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4350ea5598f907e0f4214c59c5c5bdde
SHA1 a3e3485a02bbe53530984179b2acd7aecce61ddf
SHA256 1a4b79c3aea1e7296a02f741b77be014c4dd7dc7fc8ac563ee27f971c7f37dab
SHA512 5654d387f69301c121269f56e114b98d6447fa5d8070afa21e30d963262380cfb87016388240c6fb611fc762f32a4d2e3d19f3a9d52f96cfd3f7973d78a5b81c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2b4889c1918e8fec0ae9030c1bd1c33
SHA1 f4053fee2d9e4c2bed7239fea9eb26fc7e029c1c
SHA256 c2b17eb3a5cacb31c8721152f06d5cac0f17d067c533b1aa519138afe2389f3f
SHA512 64d91298cc046c04d0e7d8e7661b73d9edef1f15a600d1f141dbb424b8d7d08e1e90669afdb62dd351aaaebd66e1f17d53d1006e671f77380c0e691d5bf68de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94eada585a9c8b7f70f26a83c03ebe75
SHA1 6709c5418f38004f6fda8b23c65187185c781276
SHA256 f9d4855fbcb175088f4399165eee523d2907e8b35fd81b2d5404da03edcef830
SHA512 83e4c90c895612101ce7cc9ffcdf9e86125a6cee2eff8f2c3e3b46cec5338aa4ec81909d3a3024334c5a092dc6ea8f287a7dbdd3cd2089a47a09325f8ef9e9e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e396c9b67fd87a82cbe3a9bd5a8e8cb
SHA1 42d60c4db64dc4d5b323a650cbec225808be4f9e
SHA256 b7c55586d2eef083f3e2996f573ec0dd2fe76b8ab441532fdb3711e8ab8a0d5f
SHA512 992ff8122d6d138ab826d01c699c6a8b9906263d3711ddbafaa5b7817ffc679a76e38db1c61e2da2b39523aaf566549019ce8761a1f5c46e521e5eff4cd13845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afd28e4236ddf565a183b5385744d80b
SHA1 8cb8da6efae92c1b671bbaeb04a34e545ecfae9d
SHA256 6ac9935286c10d8384425e46604684d4e2627fb391bb86ea66a232f56d57814e
SHA512 86eb046bd269ad6bc0d6212f95560cb6cd872120121e92390879fd664aeef2709237b32d6f1888bbb472fb6674abe4ba74ad010eb16a0cdbfb006f31bf73ef21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f16c9d03c7f2eb317426a0571428f45c
SHA1 4f1ba935237b2ac6a04cd919ed9b581dd3dde43b
SHA256 c710b01d1ae4991432acd1592373361d4d665d01fca6f229bb6f524299e269fe
SHA512 4bf7fd3425bc33cca21dce6bc0584dd66ffa1faf634116b691f22c34d300aa9c1aee96676990eae5dff57ccbbfd1edfc03e0c143ecb4b3da4870b5d079fb1b5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32d27e500f48cd2a3f2a8265e90d7398
SHA1 171b1f95039472d6f6959973cde91634c2144662
SHA256 72a2e2c2469cc5e2291ac897c63c88077051d49d66ad7506a209d9f0867c7847
SHA512 61d2d9da2abe6092c2ae79e2bd3dc340307649ef0e3a3ca410ea2f6726bb987586392e2937165bdebf4dede60a8851ea0d2fe8a5a93af5d72f8244166a710991

Analysis: behavioral26

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6AE7C7E-5BEE-11EE-941E-7EE370C9B5A4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000007374599888b1fc68a73d077900b389f3a6457030d5080c83248e549bde3a67ea000000000e8000000002000020000000f911626e2e6cdd138574f487999369a07b7ea27b87b445000a511a6bac6b8f6c2000000095767670cdec2b7c95f7d5e42030a48ca08afd0a9a38544b8946f2dca2b0e58c4000000063553817b5f21dec82e501043cd1c632bc3b4fd5ea9e4a21bd20143fd17fa0de6a7f202938b106ceb31c62453bf2c426d7a0ee2785e98e5c3eb9d6d2929658a9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000002d663d0d3e990a939458cf3b5d995be9b9970b50639c0a483a904c9ba1aa2703000000000e8000000002000020000000ebaf0abb1570312abf419b9bc0b485ccce7120e838c9da7cb0222214f09eea2d200000008cfbbba817e62a3281061eaf6b8e2d1b953154ab2ebf2479e744b3742adbfc1340000000b16f0e01df66b2c48e63e3fc0d9d26b0ac4631177912170470befb1c5f5fcb39c781977768361820147a97bf6bac418a92bdf96d5395f1e11e6a2785e774b81a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527867" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0daa842a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100d9142a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4924 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral30

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000416a576b91bbd453b41d2ce767d00823486a7fd1e5ef7a1b52372a95848f9e56000000000e80000000020000200000001abb5aeab0f37cb2a0ebb4d1119e986a64ab3974bb4e99e471abc82f2e9cb04520000000250d626e77bb88281cab7960f740df4172304767dd5147ebe7e66a4808c66fe640000000e166e97e2c3422682e8625d57931446093447f23d1d315a49993079208d4925ecb664bfe323eb1dcf38def516403cbe25a6a9c2e38efa3c5569424ce3e4892a9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A826FE-5BEE-11EE-A4AD-FAA769BFC8E5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000006a758ff821ed48cd9624645a23915a52dce24541f6b8091150ccd03881f34983000000000e8000000002000020000000e5daf9c9180773f48d3f83e9fabcac710c1edbaf458cb95b7c669019ef4c7e37200000001274c854bd30ea5aeb697db72a2145474ae6d78d6a258775c94a41eccb1a20724000000016a7602a980b81609f371b1041694ebade0f254d180b8541c2c097b6899bc7a098d893c6f561d0bc12c5a315f6bb9fb0b718ef52e5822f942724821550c8c83f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08a0c2aa7e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401528255" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e7212aa7e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.3.248.8.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral16

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "34847967" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059964" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059964" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000007faf8af0fc87e97b6ae6b815dfee32a908bb80713e82e6f2148d88fc7f95cb46000000000e800000000200002000000083bb8b434b09107b01803386ee41d6276d3eb8a892e6585170bf05bfbabbfea2200000003b20a8093d9d1c72fb6e880956390c4e1b2737d4f6914e21bc14b8728a3e5e5a40000000ad6ef458067e06f39a86a09ac36f6a96d529454a817b03b0c8377bcabb11d9ac26dd328d0c63ea04ef55b48ea7656a222ef52a8ca1a239a4ab6494147d0b4e09 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "34378489" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059964" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059964" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E714A92C-5BEE-11EE-B0C5-7E38B6FF5C60} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "34847967" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d7d776a4e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c035c776a4e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527095" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000a6f171d039927075fb2c27421820800a0ff481e7778f33720886940eeab59cc4000000000e80000000020000200000007ae8761f2f6cc2488743663edc92bfb13383b2cf05028709920240beb2e1cd72200000002c6cece3dcb7eff3405d24361a37dea6a2fefaab1f19a45cd1ecbb14aea99620400000002ec02389fe3f0bb78b0c26975a9336a32c3f79a62851ed0e845abb9eeee4df8ab6f206c1e4fb3f161a4cae9be529387f5eb42cafa9693031763e8b2e6c58d4d5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "34378489" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 48.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 88cd3e775ab85c67419713f439769cfe
SHA1 6682ff7cfd8dfac67532740c1ce56b22162f11fd
SHA256 b36e29f571f672140cdc0d876f05b91cc05d79fafcff37511763ee5d6f528c95
SHA512 cc9fe65ad4fa33eaac8cb6e6831f2880763ad9bc463af6badf588330d74717ddb2860745619d05ded8d8a0c10b9077cecb60b1a61a1609291f612a2a0f64fb1b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF524.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Analysis: behavioral23

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000095d6ac556ec3730daaba4a8a5edc8b89b5277e45853e86a784a27061341c6113000000000e800000000200002000000024f820a0b6575e2542bf711bce8a787d6778525e13f48c47f00e4aa04a006353900000008dac610fd783e61bf0889cadcaa9ff7c81e87bc2a3a6dd96f8c03641fa5b3418e9fe01f7a09fa5d2b3c8b91b7344e3e392e1a0e1b3605265557065b8bcdb8a0f7864b0cada23da24f2d6ab57fb2b13f9c7c6cf0e92caeb08d61c63b746b58258782861cf87a6d1fcbee92712ef837749680c7a9f7ce34f1b4eaa474d3771fd3305d798adb5e56679fb03b4d1c8b758af40000000e7dfc73a640ab6b904b259fae30461674e3ce447dd623d13415b2791354f3b46d2cb19ca3deed4c8cba495e41cf0c9fc2d46d4b3f35a15c53819bda83919b10a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5DC8AA1-5BEE-11EE-A42E-EEDB236BE57B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b09abafbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000019f2ca69797989bacf98803a85f0ee6434182cd61c79f573dfb8e3474f1b60af000000000e8000000002000020000000f619c019b2202c89847e2500112ad671b1340235e6bb187bc10c942d91e7e5132000000085b15b66722bb6418bc7ed935acef1d0bcda4289b9c65a69a2133743edbedf0b400000004fe0d8e0ca56a06e17d7948281992c7d97b925ac704285a3a98590ca320972ba76ff1b97aca44898c931166041ead78717a5c9d99bd0066d13017f90f7f9dc48 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4FD7.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar50A6.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b5fa128310b372b41d4c0fec819f57
SHA1 1a6f42121478a1a7e7de6b67926b5e6b8a2b23df
SHA256 0b04b3c74bf4d0efbf5b5577671afd2b10427c930eb1bbab135a70ace3cdef86
SHA512 ed2a3655841f16a3ef86cedbdf120854dadc6f2f324f8cb5a52f6c135ce02c27de9def860d9254ede3a6d9867a01cc7b37b3f3b61aee7349a3cbe990a2519a05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afa27c7bb52d27e572cd89a546c05e7f
SHA1 b73215f2140122144ee9fed74749282be0634ab3
SHA256 8cf8bdd76cc700f7f3ba548f038cb7d77e5e985eb5bcfc089b7b51fe9c6e75cd
SHA512 2621b7a1552a3fb82391386042f2fe52f5f30395b39c3270aa6dbb628b4fe2f0aca5fdebeb137191374b230ebb4d4ea63496a53591ee00a4baca072f62b87e23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03fe7b64b47e1076f2ce8e072e5fcc1b
SHA1 acbb9e15f951f5db8dd9dec51ee5d42f6f599926
SHA256 747a6fda62e5d061c9619fdeb941895fd8fae62c2630637fef523338d3d3e830
SHA512 05e158947b76b4124f41a46e278b53dd8f9b7d23b1c5c43738858fe637a929be3fa88270dea7a56a24f4fe651204ddf803ed656abdf804183d79debe3654110f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c16201144d31e236bf11b1e8593f5ffe
SHA1 4735fb59361edc783aa79aa3eaa7cb0fa508b952
SHA256 535afb586bc037a50596a09b0c5b5e71c237247eb7f9998465eb147aa087880a
SHA512 27c96e696ca7f1107e83cbe901869d13fc94d2916d6ebc9f81e3530caefa7bf463a0a5fa5d65476b52bc639fdb53a439c4ec03a7854b81216c15c3afd48137eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44c588d00ae5f3ad1ffa13fa5416368f
SHA1 4a299b8c3d3a8d4e54a785ec7aeef97093a9d5f9
SHA256 9c5bef6aeb099baee4b4fb19dd893efeebe01fb8ba917f8c1c7cb38147984324
SHA512 0567019ef12f35a640cb74934fd10c06b7799d4af78a3bf430e7e2de1515b5eadb35faa2aae9064dbed6201067efd35558682707c2d8672d482c8945cdc569db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80211502203adfa4f59f746ef7517e08
SHA1 c79df6c20a52f59e0f56136bfe2ea870d29597e2
SHA256 96e6345de87c48cf1ed7e4ca1c05d628f43ccdc2bed6965f26b9c6c202a6b81f
SHA512 7de759d57bead37f765a5ae2514ebbd31deadeefd0e89c26396dc840087336812166d686ddb5988e63f6ac0eb5267138074536c18c940945a080a4eea323a5af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efee02399fcfec29dd68f97c26391ef7
SHA1 4f9ddeefdaea7297bf188615c9e3a317ea735348
SHA256 49a29468e07eef3dd88927c001c934c7c8346ac41cb96562642c3c843390735a
SHA512 69601e826cf004d7ed336e65657ef9835554c002d9aa8411d54a1e1f223188664277fb14458c7718df2969a913bd0a6ba4e56042ec17aa2da3c6439e9a4f7709

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ea9b7ac8dcb900ef6b83f7c39f2a0eb
SHA1 6b8d266c5a670bf6be93fe166bb8b16b8e00ea25
SHA256 43a3b36a5e1239ae695249d100408de933ff1fe3cd2424138e50117e4dbd008d
SHA512 3941e2b704f4ed0d21ac8052885ea5797a5d7e565e22e5cc695d31f4a5a8b01d8a41e30fa5eb6445103c5e09699fb77a56ea1f7c42950b8b87b8dcde6098f6ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf357d2330afe47ebab6987c50bd5124
SHA1 4fe50d494983a4b974bb0e6960b17838af6347f0
SHA256 a2d0793dec78c0f786e4ed2568e1f015a9ba6a7d954c7869f39fec6da68ec392
SHA512 ece6975b98b8a3b8f6e86995396705c90127d1fb1a468f77127153c1cee00cecee8be3e006ef26d19f903edbed79f7f6fa776d44addb73189dd9f299e8328c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54b01fb5aaa4d676c8330fbff665c953
SHA1 13e142a935a26e46ee187fa6b808513229c31c8d
SHA256 9c180160ac682ecfec610bee6c0a87b2e407f4c1f0336a61c4029e7bba368d9a
SHA512 b6bf06caa453a1b2e35d689be7f6baae7771a07767d44e72db2940bdacc8bc508bb4d521b86d023fa635933b10fefab45fd6078d33513882e1451fa9c318b804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d9d4c38d71049e29e77a5b729ffc8dd
SHA1 18f00fb21926f49872f1ab1ca9388df627667559
SHA256 9c11581a704fe3accc9bff634203ceafad666acc78b5d16d78c9a06d6edbdbf5
SHA512 e8b9a42d8a89689d5b71996aac1a83ec12d75c0bd7c22831951a503e7d25d4b5487d75791ca107943d05778c2c4180f77c6b2971fab0ee0a3bf65ce724b598d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d667b2bd677acba5582e992d7d5dc90e
SHA1 9a06269a0c1f35380f781682416da1dc11331df3
SHA256 6114e29df9e53f23fcb76a111ed0b19462fff02c0f5e24db08ab3778a21999fb
SHA512 ab88f1817623da4dcbf2ae4bda9875b44881d4e733c69403302363d505bb6a002ec9a8891240e983bad4db5dc67058e191c21da7a13857f5bffb777758fc66d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37322fde9ecd784126dabc53e2a29229
SHA1 f7847b15230d92d5542d079d0aa50d4b4b3e5c85
SHA256 3e0694063cb2c5e39e294db7bad0e26390beaf1244a6fbea688ccf94653d321c
SHA512 e543d9f8452e203a6752c2ae35930c604b9f6db8873119f26b182891e276fc15f53d06aa8241f03787a97eb5d26457c94beb97396f8384ab55491a3fd1f3f4f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 106c0befb9fe4f2185e53161dfe869d5
SHA1 63b9e611537ec62d3a9f1bc280ac89bd93c75335
SHA256 510faf711a2a501bee387ebab2dc1f71a766f96adf044e77867cdfa6aa7b5e1a
SHA512 40e84caf49257861a066bbacac40cddb46e245e19548bf1a8e358674a36b62527f4eaf8abc3b9183a2302acfa52da1b0b8a35023eb9dbccd93adfe8ca6f7ea25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c29307893d495721840707a4f2015ce
SHA1 13459920b6dde5dadd87269f4ae1eded39946051
SHA256 913e59d4eabf51a6ba5b42bb844c6eb8ca5227abf6072cf0c49e20e11793e5a6
SHA512 29116bf7cc1188e79b780c74f1d298b2a118db3591cd4c6fa4bd18634448334b9088bb4ae29704e62d9ed8a521c02a40f7f87b5c74aa493125774a50afa05de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c85f216d91dc846bcd7a407cf113ffc
SHA1 2f8c3bdc3df235632c56753709371784f3182585
SHA256 188593dfdc45283cd65281ca0a71a11ff18e0979e6403861412c0189f14894a4
SHA512 306c6717680f793884eb2f2a62ba8c23ca8bbf4c86d57bcc4bf9917a6a55d61ae63dcf418255fc613ec4391d27263d00042c7cb076c56493ba3108d0bee82cbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce6cf4051f2690c64b9d3b66d294bd39
SHA1 f23196423da22d43ad2881b3a2e781c017fb7987
SHA256 56062f6cb93be15f548b359a351f13745a522bcef555dd54fefb6bacbfbeb9f4
SHA512 93716d68d7cd9cae91bd48c5fdb87f1251ccbbe610234bbd01e8852708fd9f59729c3797f3b1f778e9d9198d4388bc1608a0a3cd533f94c7ef68a939651e2299

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 badb56bcdb4833966a67dc06efaf8f8c
SHA1 8879b09edf3864385e06063ad7d90435773a638c
SHA256 4bb7c2cef9a9b739fd249521401ec4ba6626bc692fff4499573459fef0b620c3
SHA512 5e91512681b747122efdeab9abcee331a4811b0283865eda09411d9bc836b0bc188d98b51b343627bd47715291fda1b183652b35a979ebcbba9cfbc3918354c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06864d750014687cc5bd778302bb6e31
SHA1 4d585d5c7a7f91cc3122f2e4a2b842227945c7f7
SHA256 02799a7754691c7bc4275944236c1e7f37834126cdfec98284ded2e0bcd51bf4
SHA512 c9502d98c8357a1052f703e10363875c397698c527d89534650bb3b9fd7eb0ed5f15443e7306a748ba8639861440935fe00e58775d1fd4ceb083a2f7a24a4b93

Analysis: behavioral25

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

135s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000008ef627ac412c5dc0cfe1de737406cf6ae42886ede2eecf47382ed5333a5bad70000000000e800000000200002000000022710d853d88e7c349ccc8950ad14443b09891cf752a3b130c5dc97ae7dad19d90000000aa7b83502b2ce4a75f89a2a57f641a67314f340b2d4d49dfd02c95427d1cab124f84e9017c2bbe7f0bb583623047b6d949b7396de9f70fdf306a9d80ef37342165367a24b9892fdc216cf8d9d3f3141587248b9c39fa21d20924e4721d9828c0b0648eb776d551e2fbec0009d114fa26e78ff3212ee8f48c1e638b715a5e75c9758354530afbd0ecb462a1c2ad016ac240000000c04a7204c764b0268e488a190ce66d26ac77995be696e9f84a107e6350804136940749d2337c658ff89dd17c1c3ac3f6f7f14ff0e3f1a25a6347e749a2ec0ec8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A8E321-5BEE-11EE-A164-5EF5C936A496} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708b95bbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000004809dded84b7ca1fa81b6db699cde908667afcb92ea95b4a5bebb7571755d943000000000e80000000020000200000004c962ceba5fd4f6a0c81652f4d678e4aeefae3215526f09d40c0bba4b9c03aea20000000cafd591ece0729cc9ca6c7a7ba6592bb8345cb76c73aec72bec4088289521f46400000003c1897b58364463ebf3a16175259894aac34315658cf526101248f0ec94a8e3d2c0b8c00646b2322917e9db563276e7e1fbc8e241a85822405a37103f0fb51fc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab515E.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar521E.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cef2be7f578f0721eaf4edc1783cdd82
SHA1 125e29e09c0bfeb2d4ae896ccc040779f6e81e77
SHA256 366f26fffc98b40b89a8853d9a615d4c6b60f227f0cd4892f1fc532b6f4ca744
SHA512 cdaaa0bc939e9a1e3f2021655a5569dfcc01ba9cd60333cfa65dc443ab4bbcf4adf81bf13852b3c3bce34223ee19f94ee029c9be036c7b80bb56f6859607db91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7d07b6af1f09950428d58c3521c20e6
SHA1 680586d344eac6c13e3f0864e2b04c85e936e0f1
SHA256 5a3a32cf997166d0a8beaeca72c05155ac7728b2f26519b02641338808c6e87d
SHA512 f0cbe97fd4644b1261eb1fa89894fe840ec628e90eb46041e54160ed492d139f4869624dbf0f1af213896c012fe28a62b5883dad44b476a1419239e661fb3cd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3856119137d6ab7baf73160106c7c0b3
SHA1 bc74fa9de91eff3ca1462135097b0aea942900a1
SHA256 1ed011d90deff9b8d278356a7bd11b898045740b7d7c5c56d7ef68e5d3f96c29
SHA512 703d3f8610f8ea91d0dd245885502b0b4c3992ff86111bc91b2ff0a25791ed3fcecbe0043ddbf1130baae7bf4dd83f0070dce72bf495b1e556c9942093e255ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17110e78cb42c04bf57b7be19c25b772
SHA1 45f39ab33067feba4039ca0bd0c8c9ab2215783a
SHA256 fe2310f5d8f38c866744ea8ed85d629dfcebe4cdd76d560dd186294636290e5b
SHA512 698bc1fd132d5b70d9cd317aa5141631896e2fe86f8fc1b731fa6b3952f8cdc8c41b353c918e77189f5df139b74b060d860d2ed196a884c7ed6ce7f05f85a9bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81436bfe34d7e1ccb8616cb0fe75bafd
SHA1 df7e7d1498cdcdc1a78450373651daffeb18b44f
SHA256 d5ba289c052cac7b3fbcebc5a11300b84acc80df477b6addb5a6b66d6d89b6d0
SHA512 11c0e380ffcffe4b028a9df7fb38145a732262fe57e5b3a795fde4041e56027542b919712d6b2d1b9a15d105bd266e60713459bcc74596891280d509c6dd266c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b2820d95567a1639b03d80125d6933b
SHA1 683888369d5d064763b579a366643bad4cc408c9
SHA256 8ab03c18891082802e50d0e6b925f6411da8cced0b8a1b8bfac50f8171af55f3
SHA512 c33d1de68432f21e8d7d602d72ff0260ca987218cc505c38c2176e1f8c39d489dacfc6ce5a9e0a6ec9c4a087eb4057a6322c20947ed6fecd2f5e694baa00eb1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc84414356c01f0caeb86428c125f8e5
SHA1 5d91d20e33539f77f8a5ca8fcac808e1640f981a
SHA256 a26afb35ed4973034afcdb230758a31dc5a8c9760a33cdf6a7825923effe3db7
SHA512 0da32c564b0b3e44c8deff3944ad1ba7de2a3f066a71fa10112402a235b424199c28d7a62a3084a01c9af7a47251fa0263c34ccdfd007a8ced893a531d90b145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6b4112191611e5e0a937ed4f3ae74d3
SHA1 4de750cecefefd8586b83889b564b2dff0b6fb44
SHA256 65cfe081942af9367a8fced602892fa9fa232409e688a4f8ab5b9e507d867cc9
SHA512 e99422c92ace8f7cb82ae44dfcc1ae9f7d4ef00d50040a1047d5c1041d84f1488bb76a9294d5000dc9b92f8ada914fcbdf8164055ff6bf0410bb225d8e4014ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1614b59bc68a4bb02d1b661eabf517e3
SHA1 a3870cdef8d92572c3696cdcc84b64184f0ea9ea
SHA256 c1928cfe787d8536cda8add1dbaf57156062779de238e9e8bdc353812d26b19f
SHA512 6ce48ac86e7867fe308cfe93e161161a134137296a76e6107bb3835e41f53a6754dff443b0badd8f7965a9e5a6108d0de8a99b10dbbc85ccfb5b213422f10da4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 383a3377f887fd1e6188a6d991d48ab6
SHA1 2e195485394b9cac457a79e53bc98ba4244323c1
SHA256 298e7c4cb0ba07a35fc017aaa7ba0b48b2ce2ed7f26077c77dfb5337707a4d3a
SHA512 1411bab94bc78fa2e3e88da13e84db75cfd86b9d810ac541a0933f85fb0272afb5d0784a279183458a5f6b29a7b8971f18ac44256ff382d823dbcfa0b2c0b1d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c29a4c1109631ca45507edb04c0caee0
SHA1 99cedc7d70275a59e529c8cba4a29641a73fdc4c
SHA256 74ed311e0543e71c5fd3611f8b716682ae33ce1698189caeb6678a565ea07ea4
SHA512 1389ae22c1fdac6dde64148c83ad8264770a48a2c46f1a4f23293365a52f828310916637e1fdbdd249825944225b7f75a6e00d1db99f01a4a3572885577a358d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd96bd89da1556e3da385349cf36c16e
SHA1 671abf0be1318ad1fd2af5ab93e38e325487b69b
SHA256 6d29b50485f49b759ac3e661f0e8f07ef37d653d1861662d7af47a30f3521134
SHA512 ea4f42ace159b8d814159ebad20df85000693150a8d25c53d23bb2ae4489f4e4a43bb0358a70c0cfb2bfefbe181bf2ad789d96e739a7208b51aa7278f7022b5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ce6769da4d2b3b96361979294444d20
SHA1 8b1950f476f1d4179c0e684adf578a1b8852eabe
SHA256 8bd6c59290632e341b3d851d26a6642db5c9b73ddbc7a3ca773dfc868fa9b56a
SHA512 fad1aa508f4725246df35c67781298d7a5fba7b17f34a21af6f1865f1df6350a35119fc33ee7ee8a8d40ea96d45c3828cef2e0a31ff8bb18c5a62f98ae42c757

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da43eb05b1d8a0c63c567af00d643442
SHA1 7b73693053413cc841d3fd4381839e3fac7697cb
SHA256 1df8776726c8c38ae7e3b0b0afbf2b63951b3cf8dd82c503eeec6049f3e0f345
SHA512 377877a180c75f6d802ad0f8b6f2cb91a12d15f95ce928b21b4b55200dffb39c0555af019d86702c9050d843180b563493b0c3ee403f94c9556457e8c5264543

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ea8333c9deeefee9bce13eb6dfadf5b
SHA1 e7597358a820cbe2c8251afbdd5ce3aca12087a4
SHA256 742962f0ef9262e55f0d182a2eaf0cc31fa891142de8d504f407f3d29697c732
SHA512 ab1fde457227833dbe97ed6cfa34b5c95c38da6ccc046dc017f4064aba33ec60a9966a7cb75bed64a162d77f483c8fa7a4ab141e09a6a745580dc49ad00483bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a542628f82cceaf5586febbb3bd4cc71
SHA1 7d1bb674090dd6f354047be991626006686343f0
SHA256 4157d9be46b53b06ce6270cdc6daf587d3a5cf1f803b4f527580a20c7af4aaae
SHA512 baa1a590c091d2bd5749b6c908c1cad9c002db571cb1f7e27d4996aedafaf71360f1c97d89585a64e812453acaf12c86607eed85d9fc81ecdc29291d3a1f673e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8a60e6dc59ad5015bd4c4fac786b11c
SHA1 a42ec119c86450dc6583c2ca4e653d7bed106690
SHA256 9fbf7b0af60ef6d475bba60a9e7673f8e24ae17c8b7a3eab1ea1f6e611a23dad
SHA512 586c71bf0b63fdb059f1c18343a5e57bc37df9c73974092d73c8532fb025d11c6ef295b82a6ae9a2218f6d4143729d6d6e3caec6b8664bffe13d8b624bf4327d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e20371568d95ac4fe9cd906ccb0b19bd
SHA1 928057e58c2b2a70e02d3a7c14285c0df38ce95a
SHA256 67932e7728f55f0a914f75c6dcca1a1c30adc888f3647f208abb0ef13086635e
SHA512 de49014b0a6a1a8a37176dfa4a9cf794f87fb994304a1f22d5b6e35be00e86e40129c20ac8fc09c1eb505ddd9630f4118e66b88931151cdbaaefda8d7e6c6458

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb2e2c44ff48a1a99c9fa65d14f9b7b8
SHA1 c10938026c76e6d265d337d61e5d9172e2ccac69
SHA256 2d88823df27960dc91deac5966e6ce6eff20b85f44063a69f037fc96c31ccce3
SHA512 03f0e66175da6e93b5103d99bba141d1452bd597e43c8811bade6942be273a9231d87ad135d9dafc107e8175e2789a87a35bcab07dfeee64e71cf354830a0d8e

Analysis: behavioral28

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

139s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06bba8aaae7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000001cf193fa645fc807794828c50c520e2eaf3badb4230eb36e3dbbe0f12c715c00000000000e80000000020000200000004078cd4aac65bc7e31b724488e32d0bd03c459b098bb118f29f259ef41bf8aea200000004c4c2e3c6a78217c71d46fc5b3189d1bcbd6a594445e274c1d1630f93666f945400000001cce6783c7d30aaf1b35552d4b76d1ef917884ddcb5f827270ba8657bad9d0d82414a49d27c27cf40eca56cdc8eee6edb9912adb2af0da7ab1be6e77f843c0f8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E8D0276D-5BEE-11EE-9359-6A906B243823} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529702" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000002846de6302b49993a00c8e651a9f99e858656ebe5241d68aa0487744807a6610000000000e8000000002000020000000e35e365dc344837268d6cbf36c4a732b52edbeecd162637682aa7b540680f58c200000007bc9e33123644a256059527ef8ece4068c8ecd5db383d6aad14743105bc15b3f40000000efb3e1420626d901dcbf75a281dfc32f5803f63129bb801d1839056d34d2b6c2437c35f15e4d2aa13cb0c9f313cff610bffa33d1c5cd909162f0313065841bde C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309ea28aaae7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7A5L91DP\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral32

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000dbea2cf8449cc9440b5b60b5d753f44522789c44b38e3b2bc4e78d2b52d13f53000000000e8000000002000020000000823759ae8aa6b4eba538e4d6f3d9939bf2b9e4b9aa4c4f6db3224fe947b0667d200000004ace0dd2da4a15cb02ad2352b72f046f79db862b4b6b60f12ed369e614ff33c4400000008f54bf3be02c1cebe1ca0aa75374a8b9db441a23bd64b42c96e92b1374745483eebcad02819a34ca7d94af2fb569742898560f7b08fbdc72c1b3e47b863fed76 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ce5bbaa1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40706cbaa1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6B378E4-5BEE-11EE-941E-462F79703E28} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525920" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad35600000000002000000000010660000000100002000000023be8a371df0a7f656dd3d1443b8e41214a77ea640d98bc3a7aa7d9b43496c78000000000e8000000002000020000000a57e9e65c0c45062334a1b580cd96d8b39cae377f5e56887fea51db4157f1d6c2000000040598b744e657eace4e3c65ad9b7e50089df99b12a84c316e752692d5387904640000000f52c7898a3e37038188049f825934fd29745fa00b30d99eddfd187f816ea8fa4baa633ca0fad3ba7e4a15c651258fd2c3cfd59f01d91942a1c3b394176d52a06 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 254.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral24

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2089ff80a9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec819325760000000002000000000010660000000100002000000005cbf2b36eae9b63e9416ce8d34e0b464da5ad1e83f9f2f7e42d4c23a92ef470000000000e8000000002000020000000e905faf54183c0c5d402ad868678e49c990ffabb7a62ca1979cffe7d2c96d4dd20000000266766f6e112d892ba8d407bf6d71f6d662d01040f0b6da262f0f5c83ba5765940000000293e00385bbd3c25abc7dbfe0142bf55460023cf8434d98756193fef11fef71990362e0aa12abea719e20a4a6659e0e1ae65d8e1545c7035feca8ba72ec0362a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec8193257600000000020000000000106600000001000020000000d00e26b683d0e142e113c98a388c8719d535e1c68f77394e26472b1fbcaef5af000000000e8000000002000020000000013af9e430e6284c8d3acbd4339349f68a7d47d8e5737ccae76b92abbb2470f72000000007e16f9fe59ea4f335ef9cd50fb6cebc73177e7c03add0b6cf877afd7e7254bd400000009ec1b76fc4c9938ba290f744812eeb3b85aa7045546657d608bdba20b2721bb6cb074ee67a05a83aef2a76b18ead440147bcbe68138fbe26a4c0f06e1e57e1a0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e7ee80a9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6523E24-5BEE-11EE-8688-CE3E7C77A9B8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529264" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.3.248.8.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YQR9M4BX\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral27

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

136s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841082" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2006debbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef00000000020000000000106600000001000020000000db843725cfb46074129db44cf12765935098bb6a775a5b1e69d9bf91038a92e3000000000e80000000020000200000008018d3f81113496f586a15c9b82bc932f5993480414d3ac3f25d00c525ec82b490000000a3bc83e27661aba4cd68b9c3fa3426c5f1d70c81a3e76f9e7da8acb41230511effd60dbc3e748923e5edcc2232fdf6994d07225d2ac78c76265dba60866b5ff94782d9aa7aa63220dc8c9e065bb832d00a72f5b4d3be5e513a4e2d9a68d12f0e097e8f0d6a896e55b67114cf43d88deb100c99ce1730e2fa29f063045f8aa703bcd8718d6f01a01f51fd29ff1c593507400000005fcec7e1a986a03861d427fa79680ba42c75807a8f7ffa7da19b3549db9e4df4c658a81e10d87189d032e503d65e1713421e7e4fbce1235326041a4939f75502 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E707E371-5BEE-11EE-8E84-7200988DF339} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef000000000200000000001066000000010000200000003efeaffa554e49bab616a55c4cd798986683d90d14bea164a2986bd13ad614f5000000000e8000000002000020000000e0257f97ced4d0035c5a94da0904526749b22cf8632e767d1680cd95017cb7082000000067fb62e46be1366290250838e86826661b89f4a31386c9f25c5227aa7033f8fa4000000069ccfd9cded18bb971bc14f3e731cdb9409f2bdb99f5d46fbcf895ffc5422e22f002e3bdd2a9eec41fcd5570e642b1d70efe99a8200607f38c56e8c707d24b9d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5E97.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5F07.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcb8822527cfe2bd5d21f7f6b91aa373
SHA1 1bdfd1d03c0f27fc8c05d390ac458fab1f06b631
SHA256 c5aea6ab1b4b9e658e9eccc8ffcc2617b08188aca89afacb472a354d6cb8155c
SHA512 73820251425d06cf8329ac69670b5b60237446c5e655a2b2d4c138049ad20169396527d31f84691446613391f070e1762095e289fc0c844d8f1cf4745d5487bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8cf9623e8c2daefb83b0e252aa48a3e
SHA1 42cff33ca59e7d68e4df268702d9f9e679e8788a
SHA256 d97c4a1490d8ea96ce7cdc1feffd2c87d1db9274598c9a78380fe7360e323684
SHA512 8e730d03a311631d8b577a79150cb0f456ba1b02c01d4277fabc488afd336634371351866bb8757de169125c7b1f7bf7c9cad247d1874da67733f2d2cdbcb253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8984d1ddf49235ab7b5f272ccddacc9b
SHA1 a17e78eb99efd4abfef09229233aa9c5a99b684b
SHA256 3c1e3d4a685fc65185710627e72ef01d6d955994dbd163e9bbe3992a7e93c481
SHA512 26d7544b3af7b8ad0b260e10c451660ce245a7634171e286e5bf5fc10b392d8d1f6578c513e503e79e144b513a71215279ec2e9e4cd1d3e934524fc2abba33d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 451d1bed2b94465711cb83ed9f859a4f
SHA1 f9b9620e46efe192f9731be0c520ca742844d50a
SHA256 55e609c7aa327af62da74cb28692a497ba628bcd923a563be1070164f116a5d4
SHA512 68cce4d003992f137f958048cd64da99418a3cd47ea29c9dd058ee1e3524cf96dd9a9dfb733f355f807f8cd64d30b24ef3ac94a47310ff78c730019e8877aa4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a5c1ca4fc953b4273f1a81f8f9002e2
SHA1 7a8799bf75b0fdb1a7e47b0c6aa14013f61a814a
SHA256 503a1ba9e085c76949da82a3867120ecd0d5fd1b372667bf69c70879ce01d308
SHA512 5def62da172eda5ae8d65cff0e95c24ec6451b5d5859b9a4c13d1b126dc3a085f0a1e5676e65a36ceb2f6669f2838b22d4f2e166da91c1871e39460e5d53770d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb8d0eff6306289561ddc09f79a14cb5
SHA1 78945c9bdc10adf21df3a5415612509295cc729f
SHA256 b375ff639d7ef906c866c5785b6bed77901b6e741f27a9bb232d49392c6b347d
SHA512 a88274ac8fa85bda615608dfee5cddf28872dc74d888247ee7fcd3eabc4ca29c4d6481ccc9fd59195ccb47b8f7b01eaf485bda884f99ab10e98eb788dcad13ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c7ec905e12cf9dcf771bfa40b779a35
SHA1 e1b0c3329e2dda5b14e28e89bb2b76c85b8ac8b2
SHA256 ed22da05d15cc1a5f6f5de40b43a9ca9cf06f90b03006c9e61af9ed7fe00b459
SHA512 6fb4de696426380407209c4b3fa33fc257a00ae6bbf530069aea3d40448f7a1abfc752ff1439f1aba8b0af71ad0b14b37c5c459544966f70bc4a9c055ff72a5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f6b06ab26a977d4160aea14c7027b64
SHA1 ee0dd09c66f7c17128c5b270b667fbc7f608c28a
SHA256 5194e2eeb145c3da68f57fdf92d2b8cd79a345b664ea229183f5491592d96829
SHA512 3527aa07fd5b6a3cb9fb889b3109a1b7bec1ad4ff461fdf64f8dfa44853ee8b9bb5924119bbec27c6b794916e0d3da4583ffb682bc9dfbe2052916f1f321ea2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05060897be2e51d031f85cc8c6929849
SHA1 b06ec67e95b583d9816277c6c549d8a5d3c56098
SHA256 2d96ae286fde59d16384d14ffab9ccf3549ea11a024823907de6e60bdbee4ad9
SHA512 09f700d0de9a6b3fb745f620ef0ab63f045621d1f080cbfff4d4aff8077e7b0c1a1a4edad9b3657f41bf19ef7dcbb7ba2642755e3ec77bef7bf7afacfc8d5759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c500947dfd65dc7975f8376d8427510
SHA1 285ee82c019acdfc12a48e204340eb6ba90ae38d
SHA256 ec5fd6e5302650a81f5cd6e70401a0aabbc7449cca23c81691e878fa19d6c0ed
SHA512 94fbef8707221ca30796edf13576ab6604f9003479d206104fe1f0853a55126cb20018c6e66358eeb68d86fb247ee12faf320548fd25b32e591e6661304584da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e0313613b4f4d9950dff5e920b6118c
SHA1 84b74fb7b172157598d87ae5883cdb0104bca742
SHA256 1d529516ad1cffb972e7d199e5caf1b0245dfe7e994249fbbefd91d654858455
SHA512 bf103364ba403250897895c23ec240816c05f1152e4a6bf2d281b078f6236741e9a003f0b13690f86d5eafb87ac69e1fe2975ef9276e09cc40b666e6ab4b086a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5580a8cf131002938d984f249a62840c
SHA1 a0645ec37eeedc609378298d59c0d8985ccff68a
SHA256 c574962b8efb5a25fbf51aa3ddd20bd02ddad95e83a6eeb847a14672194360dc
SHA512 d443e431a493ee12de1485deb732f863678b72efef4b8b22876e2a504c4a32f4ef06a912b2a4ab07f69a0c04e2e3ddc1311e8ec20ae4ad10653eb39cef6c9f8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27f82558f5607fcd2beb56c2f1c75229
SHA1 f2287ebcc8f4c6205865a830a8fb2a71b759fea3
SHA256 9a4c26117390ab453e8d3e37aaef0972598ee355657c4508e1cdd88480ad7f72
SHA512 914e6e3308bd67a84a42fa9d92a952c963da0dafec6aabea4083be649a733f3b5ee28203b916bd24355982caaff025d789bb0e3ea7e7c9a5c8a01040b3464afe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7e2ae6a93b9976b69bc44b1cb46e829
SHA1 0ee4bc2d6e47f40f8e83414277c82609f1ff7ffe
SHA256 76c2a699d388361626ca74d3ca4c1bd43459a134acc2fae3610c1cafe3818cdd
SHA512 2a593333d19e65860ff4a70fe11d551f4fdc5c38c438d502de1eb3e250a7e9805429a049ada5e2f70da30d1b0ddc86920f31c151b2d814cdffdb28423a109fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d28b6f5e5da84ff63f87f60f243f47d
SHA1 e8b5308af4d568f4aae8f521567fe802a278027d
SHA256 6400e741169cdcaf6050037ccc012fc6fc0ae75a200d30f1dfc8d5dc7d877def
SHA512 2d011310020de718c0595f88938690df917239dbf4667671caa6d2b11e97ad0f507c8d786ed7c83190cb957093aa38053d0c620ccbdb740260eca97178f2a4ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9628bc32967acd664733ca63ed4d88b3
SHA1 d7d9faef92b32b527dc4b16ab8b881d25619a386
SHA256 79ffbf0ba38ce59afdc8c5e636d4d8c60192121527da6a54c7a6c73987ed788a
SHA512 598d51bd99e79eaa12e511c203ef309be37dfb4a6f6c69eb4ebf3f0aca7373bb5057a1d882f488878b29ab71e26f5df2ffe5423d63161d50cbff31dfdd1b9163

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af9f36f20417a1bfd01e17865c0bb4c5
SHA1 b5c6e8a675fd2df563b65b096283e08910f1c031
SHA256 83e106c146646ac4b3c9be7c1de91f926a1dc1d5f6a56856ac9b043764f6771c
SHA512 9eac91c650b8c500ab09f369306a28d8a89eb8723c9d149d2f255d0259c12f6514e133862c72ee2495841579a9b38794b93cb20e8a792adf7655bb39b9a519f1

Analysis: behavioral21

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000027674baeb3af7fb510810b0401bb1f5e43cd2e7a3fe90ec9244a125377294b71000000000e800000000200002000000059498cd025bbf863a05933f5305e0282390b6ad341ec9033f567a8dae066ddf12000000096a5a8402b70fed7fb1766208b9b524e82ecef106452058117835695f1302cc9400000000c6932d5b4daaba7c6c5158094c7d1765ad69fafde20e675251e361bac8736e0d9e3d83d0bd29239b2d3643657a404ddc32a7e46bf81c049c1f317da907e63a5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1067f1bbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E70CEC81-5BEE-11EE-B710-4249527DEDD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000fe3f077fafcf8d83c65246f7c90176a687315a37350abd1eccfeb9b4b6ae3333000000000e800000000200002000000015865c61d4d1285b7496a7b22629d58029153bcce20930469d5ee3d0775529c69000000084ce96ebcc681ebbdb2dc38f8437d8171782bbcb1c4d7656d1a656c16a4bdece48e3673f6d2e620fa1087bc18c98f82bde7dd421cc8935de7e0300b9b9481ddfb40ecbc8883e361b604eb9518236f2d5dc8501d20abd65abee7c6f80cf4579e42ee1d514c8d671e3c8f6b7d8245b085cfae473a49df3b9de7cce440e0b3ee9a35685569f1de644c7e3457c253b0af13140000000c85885b7d7e0eebd46805672416cd06971072c53d111f141c638a4feeedb771d679b369375f4ad91a186ca74afb543b3f23ea9df3537f98b10e44223bd43981f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA094.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA0D7.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02a24a42ff32165ef37ca35f07f4682e
SHA1 ddc484441e215c9250a1e03efce23bb248ae0f3a
SHA256 e3e42eddd9ffefd44f2edaa4c6a1076959a7ffa7ddacf37590171e3db08257e2
SHA512 afc740873015575b0c201ed09d55942e381a7dbd4a5e04473ce2b11f63e3b387b66e0bf9d3618350e5f1ac921ef3c0ff254ec8ee006fdc05eb74b2de055bc2a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07d1d2e4cc1e578a7affafb62623cff5
SHA1 d0580e62373d6feabf2781481bceeae06db583ae
SHA256 bfa69711abb30bce02b9decaf1fb0a09d86fb0719a569928a46df0ee9a6ad039
SHA512 347d116207bb3ec05afac8f75edae0c74e37fd367a251007cec4964025b4e16b5866faa9988e6775df6743b0d6eb57e08e66b36c5ca7651a36f1fd7b0be9fb22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c62fe5c5a3b9df61d5178f6a35e8bc5
SHA1 c500b09763829c34b557f937c7210b66e1dd0728
SHA256 0516d6761dd0c4f2d083aac749f2772b034094bdc7186d126cf3c790d4e7ace8
SHA512 3a1fffad906132c85a850b57dbf70ef43163cfad162357164f67da00b74710ac89abfea8d27b8db25c1f64d632019ff114d826499ec1a31e074d14d2eea7e4a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea786f96ec6757518bce064b5512723d
SHA1 fd2f12de44cd70923cab5995be8cd9cb2f238045
SHA256 475259c61d68314c9566ff2398a205a18cb7b34f0d4f4f55e8c2a0b7d75cdaaa
SHA512 ac27c278612e56abf72a3022d453344177c97d19a5be5fdde6e518a9d7a574e1febac6698c3c41f92aad34bef5670661bcb2296e3b86a8dabde8b8b51a6e21f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea4b9fadf0684dcdbf58cf2d5d5c2c37
SHA1 92415042f960aba59b347ccced9be826c5ad4f7a
SHA256 89fe64b14de6b75d8df43eb8558b9028d9e9944a28869e9d2d86525b7881bfdd
SHA512 2593523e1d34d2c7561706db1abd415107fbca3d4e9689e5a58524ed0aed79f19a7024639127a319d37db7a77e3d3f8d75c80c8d832120fa20f2a1bdd35d4984

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfe90bcc6ef9557ebe3f68d355822c11
SHA1 70a3ba5ea9ca28201703676e77c686ce8b480e22
SHA256 da703d1ce517a144cbdecb61084e0dd607e73b03eb879d905a2a7d2463fee6fa
SHA512 f6d0ff7ddd8b76981e9010445de2631ff6ce943fb88ac510cd4e94f7524b5b83858d69094fd80de4e227180136b31be21bf129c2c91aaba72e815cc8ff9a36fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bd924c564c0618f09a4c46e42d1a433
SHA1 2f24576007518afd75766a9f8f783dbd40836c2a
SHA256 3527d3a6f7a19f1b3256aa24ce62951920206d37ea946ccb1b6daaeacb7f9feb
SHA512 b56003079efdbdf761b9f5900273e4f6a3b9cdbaa1231d412dcb85c1301f6b29fbe06d07474849b560575f8b4b7456c566444092752ce307b5e4b5a3ad3ec5fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dcc4c8e80381b12c421abfe52b91747
SHA1 9e5c8c56b2868ab2f03b2157f88ff5e9f334eb19
SHA256 588fef2fa25653d52c6ee48f937123ff8e5aa5b6e1c833368814297e21289fb5
SHA512 0fb6d8157df058fea7511934639de61846486447987b429de55c2cb741f7f1dcb39a92ed1978592f24d6d8750a27964bc5bdc3051341b5157cb984112f8fc519

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73ca42915c68c315f30b197a38671400
SHA1 1da4d81e62531c6f6cfb8fde17ad8cf98bfbc589
SHA256 4514c2b0579fbd1eda17e7441a8bc73cbe016f7b1d8a0c291f6d923c92d6ef77
SHA512 3c7959d7da570a19a67f27a60f9735c94e4eed73b70baff6d56bea438d458a0f53313d26c38f77f949e958df4a938330e251e4a96a392785ac5e4379422ac57b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2725e8e4e25520f10dc6f5e126aed3e4
SHA1 523460a74e0575b62e52eeee7cf3f862173e1db6
SHA256 9ff05abd8d5fb9fa1bb73402c0131487ac9bd17d00a1fe99646a48c4f0e85d80
SHA512 3aade3c1c3acead1a76691533ea9f82ad9af4088f2699e4166448822d61dca50bbe5724937ad6db9f5330216397363acea06ac6fe70aa1dae86793448b6357b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a483501e09536a2437073027e99e2f0
SHA1 4d33023497725790c100997494f06f120cad90cb
SHA256 3537ad3a9211e860d68e80c7dd45bfc197e93f05dc7d8d7365320cc2d0c9b85b
SHA512 13cd1d8424c9babfe5bff415fbd47e83610e5540eaaf53312bddbeed7095e5678b0fc46420bc723adf1cbf04db4772e955e07e57312b502c9e01d338200ff8a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4c34a60b0f21d419c16d86ab4b26f54
SHA1 5bf54e9041257ab769980c2c4f885c20423c5f1f
SHA256 d90c61fe61acc924908ce9d8da199676d494c1a4b93a0853fe4a580f7a820496
SHA512 e5063363a91aa1819958bd1655cafe28dcf6c5cdadd0d30d2d042384abc3e24b65423c93392caa42e82aac7298eb2d48ea7634eabbaae66c69c7820003094c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30008c08be6d75a418ccf232d4bcb15a
SHA1 859af7b47d5bb926f26bd27298d28d3669f838af
SHA256 b0dad5e4b2d7876a1bc005fd76c8d5d0797a33963cbeb755b3f2bb4f53fdeb35
SHA512 71dac8f802468649e043377f3926eefadb268f9062586c08b1bdbc0f4e1acba089224c1ecc7579c8b6005e8e5c3157c8a1cf764decbc794e1662f210ae1a53ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5799ecc524110582c1260626b3fe8110
SHA1 a7d1797071daad8322a4ec5e2762e0efc839edd9
SHA256 0ee977c7f49453844f4737e177cc2adb02cdd4c39263376496528e177f065e4c
SHA512 968fb74fe868cc63e2be147d2cef4b0fdb0718fe1d5ea86e9d503faf0f0860eeec093f16dd7fef443c86410ac607a19412c142dd75f34d2438c1732a398d8fa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe98e03895e2c7e5fea8f8c85ff7dc68
SHA1 e6b70d233fdb16c16aa3fe1a81a4fc351c2b8b45
SHA256 df0777832d607ea645f86977ec5537063fd6582b6204ee18671e0aeed640d134
SHA512 b145dfc8bd0c80e4a89f2baf2e73a0f7eab5fe3e9f34c93733f4a96f4ab70dc6876b590bf65bd7a49d1de65432c0b313cce6754dd03967d819031758a50dbdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12967da9a3f5dfd7c4c40a93a85dfbb7
SHA1 5115a3aa634f3a37ad5c869e7dff9fee3a08fc90
SHA256 3b7402c18cf00b3b88d24ef7aa39f691460f93e7438469005d449179f0c84d6f
SHA512 19a2d5a495f0f03af2f210073e7abd1950dd51bb4372df731e335ea7c701e52b139c9c14b940865cc1fe8f5c4dea54bb4d22c8a2141dd038af93c457a1935628

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2a5568c2843f38ad77a29136719db9d
SHA1 1638cf49ca6c956ca93dde5308798a238233db55
SHA256 b0d63158830b8802c12953c1947f0063886ff73e5801407b041d8029575b1a84
SHA512 58ebcd589d61b5b323c59d35434c1d6dc658fd13f160cf3c7712e45775fd3eba60b6ec9bc964956ae9950aaffb765cc3a7a117b0ba184839c795c00e5f671ee9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b132fc32a69fb030255968cb395c6a5
SHA1 8b5552620aec6cff29621ffad7c09f75dfd787d4
SHA256 264b04a44821247faddde82d9b03ecadb34cc06f04f69f0ccfe59e9841ee70c3
SHA512 596897df0236ceeaa4d7ad45ca70b0bf24a29c6d522b913424c601620f4835899ee8349e8e081113ae9de7c1bf22ac6ed85feb43091c682f1a30e935291f1d10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3fa6815a0eab6cb3067d5e1061472db
SHA1 357f7e381ca9210c27c9c54db16006733e5057bd
SHA256 b8389c24ea0534ce826de4ca5f4453ab11b915adb743cddad3b3eeb84f451b92
SHA512 41f9fae5714b3b1a429228a475e7d73699a152d9361d834d3174de134cbaf2028b10f576798b12eb987bf4922c8a9f6354ca31bd6743f150901e75871693ac2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35759f1bfaf9f377983d38e0224e1e42
SHA1 f80e84d2af1abe97ceb4614f0735fa37555f99e3
SHA256 a4317cb78e8430fa9c0c1d6f7d5d2a19e59138d0cffb72c71593fcfb44fb4c9f
SHA512 2b83457304acc6ce8856f4a8bf4fc296df1b301a57bb6906e4385d9cbf08281fc0e09e2127983dfaa7a5d84611c13b28dd32cee31a5d3d42ac2f558eb02940e5

Analysis: behavioral22

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win10v2004-20230915-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0172549a8e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E686A5E5-5BEE-11EE-A4AD-C68ECCB5A471} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000000786a54e3da48af01c2df9952c0dcdaa7e4129f89f480c45c5e827717691b4eb000000000e8000000002000020000000f3d4d06f536cf1544f18cb4bfe6234524cbd4bca653a34a7b842791dd2fc2525200000009b24cd5941ebb58a02228df59f5d153b6ada2401772e0465acbf458f0955676040000000f037eaa0361fb605aaf60826d3dea62132a4c90925ca359a1c338835bea29368472e3d09038f8b63809fee6695c4031fce77e4f50fc1f12f54fc45c4ec561012 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c01649a8e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401528737" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea90000000002000000000010660000000100002000000038e8c36580852b92dc7a94a2132bd588d1e2d95c211709ca09c01f0dbe3e68e7000000000e800000000200002000000029144151faf5885d36ee42035698f2444fe4719d5d8b4550334a8f20cfb8bf7d20000000891c4a5b76cc81df75818cd70cf5ca70b154cbda157d8ca2123b9e07b36d38f640000000ffc2a9b9cfffbfacc17ac067d143238513c8e2bfc1b3a874f54e4b6d80630ad5bb30ee477b76d7bb2f4d71cfa22a399101cff05e5719b084bff0f7e250129069 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral29

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000747672b6fc6a08ad37a8af1c4e5456db7ca8d8c66cde8a7cec57df2af1b808cf000000000e8000000002000020000000207fa217a4cbd2ea39236a6cd3035109a928a141a005229fd3f663c3c002270590000000868c49734c43e576661749d8f641a5624b639bb47194e82091a824aa91ef91c1f5ce2edea7bf7540c4cf62c921d6adb70456f2f8bcda9fddbc943f597ca3a665fa362f75b5086ca64af418bbae7652027e173ae879028035e533a10fdbd77309630046d11936b4c4fa5a485efca18eb5bd56b462519c3c583848558365b1a07688914084a61687f6887f51d08b1d8733400000002c4bd2471060dd9fe393dc698566766c1a6751836e48dfc282c74641da17f36f208de21c5776c11ef465a1fd1a91e4ee0ee912c057bb3fe587eabdd9e9663951 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000084384ce22336f0004146ba96cfc20897b572dd3e81ff9850df7bd10bac8bff06000000000e800000000200002000000062d9b474c914de3af8a387df108f98b231d9e4127651e77b3db909b0647053b72000000033445a6fc9d7003eca6fa21013b5388032fa71cfa5047aec22d099069de4db814000000049ef29c3893ffefe77a18111ccb5a6debf8381bb211e7f927df3b2d8bb70379ee5e3e4d2e6fa17bdc259cb952344c808b4e45f2691b341173cfdd1627e58692d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7134D51-5BEE-11EE-B32E-661AB9D85156} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80adfebbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA2E7.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA32A.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9dc4b42c6a2ab54f09dbbdaca5938b8d
SHA1 492037a1ab0493bd77a2e2c0301d0f29ea1dd404
SHA256 cff14e4258b56be1d2e78181bc930b4239c10dec4df0c0f6a14edc7ed23a9c5a
SHA512 88a9f483562a0c6fc6daedef4703e5fb18bff3ad05d279c45aacfe87ce2f2be2c3848055cc6dc6c2245d43b820c14a2ebfe4c9fa501915ede4f59f0b17b6ab1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fd45f04320ffdd2b593839b72f047f0
SHA1 d000a6edbc2f7aaaa85de5181dbcc0076b721aa1
SHA256 a2ef3561d9b24c7a59264b35f686975a4f8cd0e012f9c2fc056603dce5617cdf
SHA512 688194c5a037319691c49aab673831de4802f46318b1066291271154722632733244f089082afe76ed3d3b832cca2c3435c0feac3b75ec74cb8ce8befbc24344

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcd9eb520b84f608bbf56e0346106190
SHA1 6160d57ecfa72457f33a0c111cdfed246f45ea5e
SHA256 e0a100adeb82152fad40a8708f113f95ad347f37e1fa314c270f207fb9848715
SHA512 2c5d45c0d18c009ec4b481708ea3af91d0d489eccfcbc89848aafaca5b0b7dfc517c7bd003e5369cab16207fb12dae40ee47df6338e39d6e90484b67c9a22f0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b65aba3a7199bf822ea13406882aba0f
SHA1 d9004cbca9da70b07dbc0330bfd363051f32b597
SHA256 b89d5bac744c38106f4d8568714b5bf1c6fd289dfc5b08d1ee5894f98f1d2338
SHA512 5d3ba6dfd2da4b1b5dade68589985b82f6e67c44471e570d596df3fc86784232393801344203e4e1b2fb0d5813c92d80beb21acbdd45cf82a997e9b4942cc162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb0a707ecbb72ba14bdf4909c00f98b1
SHA1 304acd07a03e9d9998711e3deb07bbddc9de3922
SHA256 dc3e19b014ae653098121a97211491d1cda1a839a344c106b0331df864d4adfc
SHA512 384399662a9b19072cdf75ca346b16248389b5095c9c07a6352f0bcef784e747eaabe12862cf87fabcb7492a6f37c4e84fe24bd1afad580c94e6c2a36c27804e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 990aaafdce38ed56718f01ae7b148851
SHA1 25ffa44015f2bdf81784566e7344815f1014292b
SHA256 1f7db71c0183dc3a54436674bd6e54f86ff21da5048a717152c723f58a1ca259
SHA512 2c7c9f487ba2e05e2434e02cf718e53e0e65c8239c05e0a4364da66341d3271a12c79236cf5362ddd0968a00cb7ef55dc483452b7fe9a814185c4b060b01f235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acb6d683ffb271aa02f416a1a1db483d
SHA1 9653347616830f1fe08229538bdab0a251999ec3
SHA256 7613d0fa312448cb28f19bcdcf27750792d5ba7653502aec64fda5326637bbdc
SHA512 ba79c70642e44e5cab0075f5c8a25a9b194064691662e58f4c41c8d23396d9a7f01277eee9edf426599f8a94588b74346a083bcf6959343fc3dd1d232b135a59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d657011e47c4483b110baa1de4a8153
SHA1 8f11f33242d259b2f0d21aee6c22f122909b2743
SHA256 6a7655a023325a810d76777ee3de971e5a880aafb7b12b64d3a07a2b9270d2ef
SHA512 260e2bbd058fd5ac0aa56f4614f5d1066bf28c507e8641f8f14835b43774671c2301a6425eec900b152c3ec889892803acdd6f31e163238887ef3b076b91a204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c1141fd5265a620dacf8e6171903171
SHA1 6a93993f54e295d8391d67700aba206117af3076
SHA256 b521bf56bcb33c0334fdcede3c58421283cc8807c5a0aa0240359ac0e223e267
SHA512 44470e5b3cf4f45e0d051db82dea7e9e319142972ef6a00e0f388d8c02b69446459464ebe6c16ae1b661ba9de4f7e95ff63a43ec2cb4b625314e492f0c0a2660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b4d996a9291470aa3082a677adaa8db
SHA1 b803c2431a16185f295adff2a43d1e59cefec79a
SHA256 6caa29d0ffbfea1d746d371ade539cc2ca4b944b21a178da1a7b9de357d54c58
SHA512 a1843d5229450bf6f30885777034b32d7fce967afab2dc23feb458d9083b1e41d10f30a62b22a0844ccd9dd72c2ea85c29f489cca071e0c1c5e0f50a5fdc54a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d008507ff1a40d5ee70186899ef3eb21
SHA1 acabda75b2c7b9eabbf7a24f4237e1a2bd44e7a0
SHA256 3600ac7e7047565f5b7c03089a63790c14466f1102a88b105c8edc5e71855deb
SHA512 fbb145696ef33ffa3a7e2a950b4bf40b5555b701580b5f5868ef4e0c9d9ae10451e10b772797a5aa75ab5cdc5e45932079f48018a990335239e0119745759af9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3a134feb68871d74c2358fa12baafda
SHA1 ed0c5bbffe656a776de3cb6f5a4e92015d95f6be
SHA256 21725326540d4f42f694e3cfeb973cafc66e7603462d8d6b9bad7116cc01d494
SHA512 563da52f3d09916e232a6d12a82cfd34c9a73fc5dc8fbbe8161cc1a9b761a7c9392fbc8dbbd55abc0202b62c9a304815fb0d46604e33a12ffcf4a1f6fd3fac76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2b4889c1918e8fec0ae9030c1bd1c33
SHA1 f4053fee2d9e4c2bed7239fea9eb26fc7e029c1c
SHA256 c2b17eb3a5cacb31c8721152f06d5cac0f17d067c533b1aa519138afe2389f3f
SHA512 64d91298cc046c04d0e7d8e7661b73d9edef1f15a600d1f141dbb424b8d7d08e1e90669afdb62dd351aaaebd66e1f17d53d1006e671f77380c0e691d5bf68de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5eb2b2c5c0ec10c911bbbc500b54cbd
SHA1 a41f1733a39f0dabe43fb07f4935f8154090edad
SHA256 1c683c7e51442a2e09a909a32ad7f5638221ad7ae560d5ea61741200a0b397a1
SHA512 9019ec2d750a653fdc28761f2febfd1b4695c3352a3afc7169a9b622212d016ba0c059a61f6c52134a00c233d0c9e17c8246686bc7d177fc8c50c035cf18372d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b9e14cb89853fdad5ef495f9a6b0bf9
SHA1 4ec42eb1ee132870c6abacd189486968243dfb23
SHA256 5f688098e10b1d3e831d458ea21299487c72b0b861292d0195b4e58086bf3a6e
SHA512 adadc2ba44cf06959ec16c4934966033b5954d448c8c3a66ab5dba72a8a4e488af6026c7fe01eeee810dbc197eabcd4bc9bfd32b5494f2fc9a6b7e09786e8256

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf5829e407bbb9063559e8fcaed68d0d
SHA1 5a6ea6a06ad8d7b3423a33a948cb5f35a835a509
SHA256 ffd00ebc9f0b8f76f1c6c4383d1e3c9339715bc73c3132b9c16ab3e32c5451e0
SHA512 98076f7d1c06be8f77a7778a574284799571a9c08c17bd58e9c569fbe9a2fb82ea6782d80d898b394c5d579088eba21c618f12803d058ce1506f9e124fc85010

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a91382ecd7b1393627aaa92f92162807
SHA1 982d5fe261d01a25a72c8debf90b4ddf8cc69f30
SHA256 8713901a6739e4670a0386fb7c860247ee56a6e2fc24deafcdc8be4394239512
SHA512 139d154b55dd90d70adee274116de684cce957b9d5cf68a85bd0dc8536e3528994991b9e862b115f9e94f22774d41bd5f7764075c3e6e77d34d49348298ac39d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91884bf2a3153be307480cd89864536a
SHA1 bd0cb05946b49751e1cf9c7ce750cb2e13bea985
SHA256 ec7c15cc96524cc4c39a46cb21e7e486f50ea0deaf04259e2443e9928d695ccc
SHA512 48b590379e02c9f02bfcf64622b49a69af979e813ef73fe441f77665994116182bbfa45be1571ee981c57e94679e58f93b816662d1178db128eb1cbc55b3cedd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ac06b76ea260e1d661972f797496cf
SHA1 389d30b655ad12802734d4d721f07f89e214dc28
SHA256 d82bec3b0c21ad703514bb596dcce2c7233d201d5e503dedea36959c610d262b
SHA512 88a4787e258fabb8de62333f4348b7db3deaee0ab3c8fab213c37069801788371d3cd6129783ec97cae93c9a5a4d3b9c6d9e37cafc82456f699a1936e4e42f42

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

android-x86-arm-20230831-en

Max time kernel

3462248s

Max time network

137s

Command Line

com.riverfront8

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json N/A N/A
N/A /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json N/A N/A
N/A /data/user/0/com.riverfront8/cache/ngzvnyttctwi N/A N/A
N/A /data/user/0/com.riverfront8/cache/ngzvnyttctwi N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.riverfront8

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.riverfront8/app_DynamicOptDex/oat/x86/HfoGUZM.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
GB 216.58.208.106:443 infinitedata-pa.googleapis.com tcp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
NL 142.250.179.170:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 jikugac818v.vip udp
US 1.1.1.1:53 passajire555.live udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 zaglefolki1.info udp
US 1.1.1.1:53 majestike8ca.top udp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
DE 172.217.23.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
NL 142.250.179.170:443 semanticlocation-pa.googleapis.com tcp
N/A 185.161.248.142:443 majestike8ca.top tcp
N/A 185.161.248.142:443 majestike8ca.top tcp

Files

/data/data/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 f9d7541e53b3da21b07114b994c5574d
SHA1 0dceb9f2b238c417f877ce2c5d659c342a55cdde
SHA256 5938a3b4d175985478b8bd2c7ec400fe969855493528ef982e511ca6cb4138ed
SHA512 00e2cc5c4368472fc9fa8b574b55b6c0e18b0a8accfacaa905c7be7844f6cd41ea88fdea35002bb6531e3706619d686434abcead6c672c994524dc51273070cf

/data/data/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 b3f54bdf5727697c33a0f7d3076987c7
SHA1 56477825c1b2731afa1a9b76ebb8c533075df827
SHA256 11c9f73978d5a9a12e89bfa4f3ac7c36fd9281438798e75f113cc5a6004cbfc3
SHA512 caa8f233e77b585f6d8cbb08384d974494edcb3705139e9b702a057eac66b9b03ba556c58d5340de6d30ecf64ea7d80dc7afda08b78de6a20e2de238e14d6c92

/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 6a77912b650e56c029a71f6865345df1
SHA1 f87804085c6f813bbb506e0a0e26f60b494383fb
SHA256 d1ea67963a8e3dc3e34ed70537cbd2c8c8a5971ef27091831c88be1fda02671f
SHA512 5cf7f167ed81172fc9884bf45b48be84f45499bd3bfba47615695ad5ca53f5f6f2fc2f8532f4811d444f6179f9cea51148211ad108cf1ab5e88a92c11ad8c68e

/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json

MD5 5d64d0e86c763406334f7a91e9776e6c
SHA1 0198b2c619bdfae3014ce35834504fd8526c245b
SHA256 92a1cdac4eab99a2ca490d942dd1b71fba264f847504267676c1b2757fb03ebe
SHA512 32adff32c7006bb31125699998bd2b7fb1fa96770bc2257f181742f2bc767872d70ce8578e74d7233c40e52d3f128473569dbc7d913261e50fe0ea53ffe04469

/data/data/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/user/0/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/user/0/com.riverfront8/cache/ngzvnyttctwi

MD5 20efb40c46b088b3d7f833f6c3cfda07
SHA1 9e61943af7a5c19362385f4caf6c985bcc554995
SHA256 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb
SHA512 af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce

/data/data/com.riverfront8/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/data/com.riverfront8/kl.txt

MD5 cdcf98b844d7d910d2cafa1b55c65014
SHA1 5773912b163bdcbf83438cc1c82f1b0b007fa534
SHA256 6ab4f090022292d3716a260f936ecb77370ecef4424c3b92be931ed34b1df512
SHA512 cb0592f637fe3a81b797ec4c79071cef06c532912f52e8dfb8992f043f2b5a6fe70b1ee069e9faf0fda630e1fb38b56dbc28de792f493d3f46b3f0a118897e88

/data/data/com.riverfront8/kl.txt

MD5 d3cba7ede8ceebd0b9bfe110a4c62961
SHA1 1036b749b0099cf5720677545ec03fa897e0156d
SHA256 56319f3f24210c32b7f77b446b9828623e2313cf2564a9f5d66b39e7db6dcbca
SHA512 599dfe5ba108904d34d984999c8f5ccdc9e8f60ee4067a923612a58cb6770417c0e1e5c1d9d895705cd3112a20cd35744c350fa876c4f84f938d90a624b96592

/data/data/com.riverfront8/kl.txt

MD5 2dd98ca4233196e57353dc36c581fff1
SHA1 86ad71a823446b84d0bb15fe382c069752736060
SHA256 140074f0ac30577522f820f30f41e816b70985394e2ccc466a2916d395290b23
SHA512 19f3131b34c4019c68250640cfab3ebffd53babdc88f013695721b61f891a1483f8d3b5625e494ab64c19185c8888b3845f38c25a26536a0298cb62df6ab112f

/data/data/com.riverfront8/kl.txt

MD5 f9cb955d4cc7f99fa932b419d7604555
SHA1 95e311fcbbadc8b2a75f9cff28b7f265260d8d6c
SHA256 ffe88db93a1ff0e5a3a5a9eedcaba8848237288a947a06eddd0935e88b14de19
SHA512 0fa7b6747ab4322232eb1ba8bb152013cfa72af122a494a58b0c4612602036a768790fe29e09efb9ca7bca1ac44b38c92c47366c90b1ef89840e68c7707b76c6

/data/data/com.riverfront8/cache/oat/ngzvnyttctwi.cur.prof

MD5 966f272242e1e0f9620d1f8608eb49f1
SHA1 7b8fde098d1a895cbd2bff501b4b86c584875410
SHA256 8daeb799348268fb28ef98f7e1cdfde354d05c8cee7b9076d7ebd04a5729798e
SHA512 dc54ec1d47d317cdbbe85fc3922ad83a54b729492932f55b20b9b586d5acbc8c83013a93cf84f6662c0924ff254cf5138481665197dc5598eaa0980951c732ba

/data/data/com.riverfront8/.qcom.riverfront8

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral7

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000006204af27a38130f802814388c2a1f21f0d15b0fe99ef21660f5ed287f34c572f000000000e80000000020000200000000664b71a2b3535febdf191ba7d8a8ada8f6680c2c3b576a4b91fbb85b03a8c1f20000000719cc280ee552afeca18002472436c21c6defdf6fcbb29ab486dfa0e83d4f85a400000005f4640e047c84679f812a45def3cbcfb8734f4793078c0e877e6e5d5704831ca15e0789080f2f3783653928333fbae9714c03c54f7a1171e6983eb5c45e1173e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e047bbfbefd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000000b0f1b8868551de110bc3e89a52e74f3c523dc0923febb508034a257d3fac6e5000000000e80000000020000200000008e359f13639636d03013951e43b3bd48a682ff49c872dddf0c581903f0808032900000003dd033c62fc44bb0d75e185d6e0578437a165617f9dd2fff8beb0a844f229c467ba96bde3148044a038c38ab4f0b20538de94f46198c031381f8010a168a331bc54ecc09060b0f41c16c010e5d974e4dd97f98c7a40ac4cccd15929dcabe9454c94a4beb63d833b447ea2533a61e42ba9a6446b60af3122a6d183327871803d23942e6218d901bc9ff087fc42c42b7dc400000003c26025d00416b3216ac3948de8569e8606f4c1e4f8b9ef528742d297ee3d9f998a95228825a796d552af9048e93bff51996cc315dabfc6490ec578ca48da465 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5F8E471-5BEE-11EE-964A-C6004B6B9118} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA40F.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA49F.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bb3d370a93103aa7e9f213e5c3c4d5b
SHA1 2a8e058cfb338a87eef5eaf9b88003a89cb13761
SHA256 ecc9cbb433931df9271c60a8be26ea09f909c7862fe6d3bb73e6363508bb0e5b
SHA512 763a99ac6898775f0f5684f8ac5c20a2936fb6426f424055d6c3fdc6e0ac33b25ef6f39524c15cbf109ef9cc9c828e8f0347d484b0c95ce7574006cb43547bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 395d2791b7edc599cc1ead0d4ba57b59
SHA1 a7bd9268691a74e9db0ceb6853375597f69c6ed6
SHA256 74da80c1043729402d3a1b6adcfdf07c85c1c6425d315e237ddf75c0160c949b
SHA512 21f77d631e92286cafbc12a2156efe223a5dfe8e36ca46a8c428bdf7a1a33710a96a45a65f1fa0b7f4561f147df75837c18312a40185e4fb5f1452a39ef93d25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4c8c7f13d7722b66c1c60dfa79187bf
SHA1 78dcdf29d68323eeb77e9b879b367e8d910fd12d
SHA256 da9e5a44723ed849e694e5584327442a647d4ff63f05924aabed8826abb21633
SHA512 8b1053254863dd0efdf13efe54e4ebe40a35d72d8ba1603d771733776fa7fb06da6f0ea2a8aa7ab4a520b16bfbc137ee90499e9fc88c962b624f78a4d0a111ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7bc3754b677d39a1609d2ded00089b3
SHA1 ac83dc64b446aedbc4989ac56d2785ee978872c9
SHA256 8da9590c6270ca627c7e15059cbf6b483102035ee23c6cc1eb0eb638f7de30c9
SHA512 02fb23b3f34be193286c65c1addb719bc2a57a4b99ab29c2d2f41e11f1ed59038c64b6e6f03180755c7b0aa3ab4895e0d054f1d2edc2bb3d96171ca65eea2ba3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d022cf8a07a366efae1df1c3ff94998b
SHA1 d6cc0c73f1b0b7894d9c94b1db62468f45f23620
SHA256 cab245977ed3b7a87b6b09b1594b804a9a513506b4db38291c391d859b7b6344
SHA512 91352ed14a4d8cf8f4d419a3b313dde5c5ca603464a4ad33aded4fb12e7c5ba1215f4e3e5c9b6d8db40f2c6c6983b5f4792b155a658bc3466a68de93f17e65a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4637bea73ba56c00b9c5bef7eaf7df85
SHA1 aa496c8cb6ccdaad5d77a586e4958c6458dc2b67
SHA256 fc1178068fea8e3b728da53fd8e7dcc727368039bd501df7d33c85e22769e4db
SHA512 87bf52945a2f934871954d236d797e90cd0bf85a4f5cb5f8e1faa52afdbd4646c8d07f0373326a0f53b1172b614bcf790dfc3616b4d091d106d43c4f05b35092

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 178cd781da60eabafe9789f7049d12b2
SHA1 636e651d089260a2bca4fbb8df66f718cdde0699
SHA256 5ac845189c3ad49789a8b2669b4a9b093787acca0c372ac911d5d9cf3e5098cd
SHA512 b0e5bae628937c2108048a402d73e311c987c1d247479655b65e5429bd1711137aef543fd2d787cad4693bfb132592f333d2197d1a0e09ba4b94a0fb9d149df3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35ebe0670b8baf40f3aa834f31882a87
SHA1 b55949e46a1c1e960e66a3fbf7f1c0c0435e7392
SHA256 17185c372fefefba2ff828e327a8dc669fb957903a3817a18c00dab9e3a41b10
SHA512 1a658da8ac512c92d05202d2d889e4ce5aba74cc83a93423048f5b6738bd1f3322d2f65fe44322a24849752d2b6fc40c8005d8ff0b880cf3ca76198efbe4da26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fadcc7a13f5d2b69e7a7ae5ae767b26
SHA1 ddc1e18a78284a22822039d8a236d5cfd2b343df
SHA256 aafce0202349327c49d33d77807064e639620c14d775e0c2b9cfce6df29fb9f4
SHA512 4bd099d4424ec446c46da461556f1021701371f2a5f47a745931d467f7600efc33d913aa1c005d484a1f1b4fcf2c1b0b4b52271c78b708b4793f56792fcdea95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 040fa6f7e9793b8e7bbf6fd52dcbba3e
SHA1 923ba7e2508d0bdd79695bda63d517f2726ad901
SHA256 3a4bd595f20d1216e1c3e09882d65fdbc85745ad5b7585500fa9bac087b9c773
SHA512 5b0ace73c0a7060a310b76536b56eed676c5efd170319a5f1ebb90bd526892e3f12881ae80e03cef1d37fc09a26228c1f58908853fabd1e96263d91810a62692

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0d95e24c27467abf7eacdf8cb3d874a
SHA1 f08119545528398c71be6d6aba5d1f852e95de98
SHA256 8371d2c5ea9096e3ec679efd0489c02d1454ca63ac397b195a991d3e1427e54f
SHA512 3d65b0d85de761cab9e071803b7e64a276a7e9d105097752aafc9e5e4c071b613b7b2ae29cfb16cc70739779164c886ebdca9b5a8af69244fe7e6b4010ddbbc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b25f3636f17ad8eab37f1548cffe473f
SHA1 347e18e9e68fca5567290a7c44b13075b9b6e9ff
SHA256 0263c7224ccbd6c37314b994a28ff2302b5e1c0e374016dce51d3b367955b299
SHA512 c2cde88b33ecc4c924126634da423d65fb30afe3693fe89cc8f38924c6486d4d6ef187f44c9839410a424dcf035a06b9a4ccb88dbeb2c7df4d4d530afe38cc66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afb944f6272e4694ebb9481afed9cf63
SHA1 ee19ef4c46a22e6a2ee3079e737f9c74f57d1517
SHA256 50540c146f64d520d243429252110e6518f4375733a227e3ec5721c71b0dce1a
SHA512 b498794545b2f20a63b3ab594a32619f5f631bbf9d6087ba7986f47a2990778d686dd8c28829ea560c79b2b81fe0a935ca6f77c69fda36e751aef35158ba89fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bc509f82856911f7ea1f1de31c98720
SHA1 300362835853120698fc00b664e81fac522cd12c
SHA256 5d898a244c47f67cee5c94fa5cbefee4fe1d329cc5389170acee0c9ef03d9d54
SHA512 cde2ea7050d030b79ba63cb6a720ebb2ad3e2589b2f2c56607c5c6e48e84b92794e02340f0cd9b1ddae055c6639e7f426a2225360ffca611000ff2889809f7ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2522ccf7628b16fe9889e7a99725536b
SHA1 65cebac0e04020cb8f66948b0dde2bfce0ca81f6
SHA256 911e90b14a46824fe3ef69fac46d29aa5047edd1ea26481b71f1c4ad5bf7d4a0
SHA512 56155506ca3660ced12b21c1299f7a96d978fbe896986eb78700bd01a0eace215f78152b45d3d9b2807285a2e39a6e1961b5f2a1c6b1abbc7905f6986cd38614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c144c6c4713875e5bc4dc9e01a8254de
SHA1 de101dc3ff50c71fa0f5e13ef97ebc118c559a3a
SHA256 ce4a899840ed64e80eee52367c059a95c217c16b2e249a10e3f037bf0e1563b4
SHA512 90981b9a22349ccbf7a1e089867e625e55ff64a9f509c024c0d9e344338547b2723d612dcbce97e4fe73c6920150717a2b72e37786bfa0688d792d582c58c26b

Analysis: behavioral19

Detonation Overview

Submitted

2023-09-25 22:00

Reported

2023-09-25 22:02

Platform

win7-20230831-en

Max time kernel

122s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Network

N/A

Files

N/A