Malware Analysis Report

2024-10-19 11:56

Sample ID: 231109-1zkenaef7v
Target: d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078.bin
SHA256: d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078
Tags: alienbot cerberus banker evasion infostealer rat stealth trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1, behavioral7, behavioral8, behavioral9, behavioral12, behavioral14, behavioral15, behavioral16, behavioral20, behavioral4, behavioral10, behavioral11, behavioral13, behavioral18, behavioral3, behavioral19, behavioral21, behavioral2, behavioral5, behavioral6, behavioral17 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10

SHA256: d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078

Threat Level: Known bad

The file d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078.bin was found to be: Known bad.

Malicious Activity Summary

alienbot cerberus banker evasion infostealer rat stealth trojan

Cerberus payload

Alienbot

Cerberus

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Note: the signatures from "Cerberus payload" through "Removes a system notification" come from the static analysis and the Android detonation (behavioral1). The last six are Windows signatures raised in the Windows detonations (behavioral7, behavioral8 and the other Windows runs listed), in which the sandbox opened a local HTML file (C:\Users\Admin\AppData\Local\Temp\mintegral_jscommon_authtext.html) in Internet Explorer. The process column in those sections shows the activity belongs to iexplore.exe itself; it is not behaviour of the Android sample, which is not executed on Windows.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-11-09 22:05

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
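The permission table above is the static view; what makes the set dangerous is the combination rather than any single entry. The Python script below is an added example, not part of this report or of any sandbox's code. It parses a decoded AndroidManifest.xml and reports the banker pattern: full SMS control (read, receive and send), a declared accessibility service, the battery-optimisation exemption, and the launcher activity that a sample like this one later disables at runtime ("Removes its main activity from the application launcher"). The manifest text is constructed for the example; a real APK's manifest is binary AXML and must first be decoded (for instance with apktool or androguard), which the script assumes has already been done.

```python
"""Added example: flag the Android-banker permission/component pattern in a
decoded AndroidManifest.xml.  The manifest below is constructed for the
example and is not the analysed sample's manifest."""
import xml.etree.ElementTree as ET
from typing import Any, Dict, List

# Attribute namespace used by every android:* attribute in a manifest.
A = "{http://schemas.android.com/apk/res/android}"

SMS_SET = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
           "android.permission.SEND_SMS"}
DANGEROUS = SMS_SET | {
    "android.permission.READ_PHONE_STATE", "android.permission.RECORD_AUDIO",
    "android.permission.CALL_PHONE", "android.permission.GET_ACCOUNTS",
    "android.permission.READ_CONTACTS", "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
BATTERY_OPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def parse_manifest(xml_text: str) -> Dict[str, Any]:
    """Extract package name, requested permissions, accessibility services
    and launcher activities from decoded manifest XML."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    app = root.find("application")
    a11y: List[str] = []
    launcher: List[str] = []
    if app is not None:
        # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
        a11y = [s.get(A + "name", "?") for s in app.iter("service")
                if s.get(A + "permission") == BIND_A11Y]
        # A launcher activity carries an intent-filter with MAIN + LAUNCHER.
        for act in app.iter("activity"):
            for filt in act.iter("intent-filter"):
                actions = {x.get(A + "name") for x in filt.iter("action")}
                cats = {x.get(A + "name") for x in filt.iter("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    launcher.append(act.get(A + "name", "?"))
    return {"package": root.get("package"), "permissions": perms,
            "accessibility_services": a11y, "launcher_activities": launcher}


def assess(info: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for the banker pattern (empty if none)."""
    perms = info["permissions"]
    findings: List[str] = []
    if SMS_SET <= perms:
        findings.append("full SMS control (read/receive/send): can intercept OTP codes")
    if info["accessibility_services"]:
        findings.append("declares accessibility service(s) %s: can read screens and "
                        "inject taps" % ", ".join(info["accessibility_services"]))
    if BATTERY_OPT in perms:
        findings.append("requests battery-optimisation exemption: stays alive in background")
    dangerous = sorted(DANGEROUS & perms)
    if len(dangerous) >= 5:
        findings.append("%d dangerous permissions: %s" % (len(dangerous), ", ".join(dangerous)))
    return findings


# Constructed manifest for the example (hypothetical package, not the sample's).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Flash Player">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".ScreenService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    info = parse_manifest(SAMPLE_MANIFEST)
    print("package:", info["package"], "launcher:", info["launcher_activities"])
    for line in assess(info):
        print(" -", line)
```

The launcher-activity list is what to compare against `adb shell pm list packages` / `dumpsys package` after detonation: a manifest that declares a launcher activity which is no longer enabled on the device is the static-plus-dynamic confirmation of icon hiding.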

Analysis: behavioral1

Detonation Overview

Submitted: 2023-11-09 22:05
Reported: 2023-11-09 22:19
Platform: android-x86-arm-20231023-en
Max time kernel: 3056253s
Max time network: 139s

Command Line

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Four hits; the report records no description, indicator, process or target for this signature.

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Removes its main activity from the application launcher

stealth trojan
One hit; the report records no description, indicator, process or target for this signature.

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json | N/A | N/A
N/A | /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json | N/A | N/A
N/A | /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json | N/A | N/A
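The three hits above show the payload being loaded from app_DynamicOptDex/rlbxJMZ.json: a DEX file given a .json name so that a glance at the directory suggests data rather than code. The Python script below is an added example, not code from this report or from any sandbox. It walks an extracted app-data directory, identifies loadable code by magic bytes rather than by extension (a DEX header starts with "dex\n" followed by a three-digit version and a NUL byte, ODEX with "dey\n", JAR/APK files are ZIP containers, native libraries are ELF), flags names that disguise code as data, and records a SHA256 per hit so that a file rewritten during a run, as this one is (see the Files section), yields one hash per observation. The directory and its files are constructed inline for the example.

```python
"""Added example: find loadable code (DEX/ODEX/ZIP/ELF) hidden behind a
data-looking extension, as in app_DynamicOptDex/rlbxJMZ.json above.
Identification is by magic bytes, never by file name.  The sample files
are constructed in a temporary directory; nothing here is from the sample."""
import hashlib
import os
import tempfile
from typing import Dict, List, Optional

# Magic prefixes of formats an Android app can load as code.
# A DEX header is b"dex\n" + 3-digit version + NUL, e.g. b"dex\n035\x00".
CODE_MAGICS = (
    (b"dex\n", "dex"),
    (b"dey\n", "odex"),
    (b"PK\x03\x04", "zip"),   # JAR / APK
    (b"\x7fELF", "elf"),      # native library
)
# Extensions droppers use to make a payload look like plain data.
DATA_EXTS = {".json", ".txt", ".xml", ".dat", ".png", ".jpg", ".db"}


def classify(head: bytes) -> Optional[str]:
    """Return the code format for a file prefix, or None if it is not code."""
    for magic, kind in CODE_MAGICS:
        if head.startswith(magic):
            return kind
    return None


def dex_version(head: bytes) -> Optional[str]:
    """Version string from a DEX header (b"dex\\n035\\x00" -> "035")."""
    if head.startswith(b"dex\n") and len(head) >= 8 and head[7] == 0:
        return head[4:7].decode("ascii", "replace")
    return None


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: str) -> List[Dict[str, object]]:
    """Walk an extracted app-data directory and describe every code file found."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                head = f.read(16)
            kind = classify(head)
            if kind is None:
                continue                      # plain data, not interesting
            ext = os.path.splitext(name)[1].lower()
            findings.append({
                "path": os.path.relpath(path, root),
                "kind": kind,
                "dex_version": dex_version(head),
                "extension_mismatch": ext in DATA_EXTS,   # code wearing a data name
                "sha256": sha256_file(path),              # hash each observation
            })
    return sorted(findings, key=lambda d: d["path"])


def build_sample_tree() -> str:
    """Constructed test data: a DEX disguised as .json, a real JSON file and a
    ZIP named like an image.  Returns the temporary directory."""
    root = tempfile.mkdtemp(prefix="dynopt_")
    d = os.path.join(root, "app_DynamicOptDex")
    os.makedirs(d)
    with open(os.path.join(d, "payload.json"), "wb") as f:
        f.write(b"dex\n035\x00" + b"\x00" * 56)      # minimal DEX header only
    with open(os.path.join(d, "config.json"), "wb") as f:
        f.write(b'{"version": 1}')                    # genuine data file
    with open(os.path.join(d, "icon.png"), "wb") as f:
        f.write(b"PK\x03\x04" + b"\x00" * 26)         # ZIP local-file header
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for item in scan_tree(root):
        flag = "MISMATCH" if item["extension_mismatch"] else "ok"
        print(f"{flag:8} {item['kind']:4} {item['path']}  {item['sha256'][:16]}")
```

Run it against a directory pulled with `adb pull /data/data/<package>` from a rooted analysis device; the hash column is what to diff between two pulls taken at different points of the run.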

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Processes

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

dex2oat is ART's ahead-of-time compiler. It was invoked on app_DynamicOptDex/rlbxJMZ.json when the app loaded that file through a class loader, which confirms the .json is a DEX being compiled for execution (the output is oat/x86/rlbxJMZ.odex beside it). The captured command line is truncated at --class-loader-context=.

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/oat/x86/rlbxJMZ.odex --compiler-filter=quicken --class-loader-context=&

Network

Apart from mDNS (224.0.0.251:5353) and DNS to 1.1.1.1, the only TCP connections in this run are to Google hosts on 443 (infinitedata-pa.googleapis.com, android.apis.google.com and two unnamed 142.251.36.14 connections); the remaining lines are DNS queries only. No C2 connection was recorded in the 139 s of network capture, so none of these addresses should be used as indicators for the sample.

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp
NL | 142.250.179.202:443 | infinitedata-pa.googleapis.com | tcp
NL | 142.251.36.14:443 | | tcp
NL | 142.251.36.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | androidplayprotect.com | udp

Files

The same file name appears below with three different SHA256 values (3c55…, 2ab8…, 41aa…): rlbxJMZ.json is rewritten during the run, so a single hash does not identify the payload and each observation has to be hashed separately. /data/data/<package> is a symlink to /data/user/0/<package>, so the entries with identical hashes under both prefixes are one file listed through two paths.

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 94ed43749f0815cd8769018d6e46d52b
SHA1 95d9b6e732ca90727e53ad19d4b99f7bdd1f4492
SHA256 3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c
SHA512 bce3f79133f5829156088e25be5f8a337b7beb3ca33d118aa6a7c59bbbb2f100de5e73359924475189a376976f842ac2f93ca2415c7e356b1a470af58eebff73

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 27a5a50873485a2e84f38d359984d649
SHA1 427e537f7c5fe14f879446fbc5a58784e962605a
SHA256 41aa003e3ebabba60f2afb82cfa57de2a68d4c618a63e5645b33bf871880e45e
SHA512 f64ecdcbe12a01cf2f586cd4b2b689e89be2f854a8c8f87e97fbcaf1a9bb5a0cd9365041f52f21af845e53164f332a0f9ed00a356a97985dc6f0323e0521d78f

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof

MD5 195f6365429f6907d9506f7156d73ff4
SHA1 37e6aadf8290c0098f63657415ec7d48e38452c1
SHA256 392a5703978b4c3c91b2b434d375a657d946ef351a18f628bdf9ef7167894004
SHA512 d0bafb55414ad4c82a4aa88de8304ea89e4c23a4d6a099ea07ee3c0ef39267b77bfc81375dc7347ef455956714c2e270855aaa2be0069d8044250b250dcec168

Analysis: behavioral7

Detonation Overview

Submitted: 2023-11-09 22:05
Reported: 2023-11-09 22:14
Platform: win10v2004-20231020-en
Max time kernel: 157s
Max time network: 155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mintegral_jscommon_authtext.html

Signatures

Modifies Internet Explorer settings

adware spyware

Note: every entry below is written by iexplore.exe / IEXPLORE.EXE itself while it renders the local HTML file named on the command line. The keys are Internet Explorer's own first-run state: the default Bing search scope ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), VersionManager update timestamps, TabbedBrowsing/NewTabPage, Recovery and DomainSuggestion. The "User Preferences" and "DecayDateQueue" values beginning 01000000d08c9ddf0115d1118c7a00c04fc297eb are DPAPI-protected blobs that IE writes for its own settings. None of this is attributable to the Android sample; treat the signature as browser noise, not as an indicator.

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c47000000000200000000001066000000010000200000005742682adeb015c7d8b237073ca823695dcfd794ac2df97a015a2f91816e5de8000000000e800000000200002000000044621dc47fc5d647d0dd7f83cdd59314e820caf31b2fa14710bcb845fb6e6a2e10000000b5638ad9064711625acc790be940d4d840000000b61f5c77e714893609d3848507dbb6273ada77dd3465a48339936215e86c41bd4ff92b57b7a2d53667207d4b8ba1521130b4367750686d8a9d1c89ebf2d9b191 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09d1aca5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 6367109fb103da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c470000000002000000000010660000000100002000000079983b9d496945927e3a5e58be28a0bf98e96e90a0ee9d0ad05c7276da469b56000000000e8000000002000020000000d2b8a13d5dae745b2c5e34c68538869e8c6ec419dd3356f6fff8b6a05c4ad2121000000032691c3b6ff1cef9bb63814a09468174400000006a9b3acb1435a7cb5f43586257ad63336620214baa955772401ef98d0007a32c32c6ed8e63d581332370810198240b28ad7d5702c30d39791ce370b9b4fc7c85 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 609212cb5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3384965989" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c47000000000200000000001066000000010000200000007749b0bffac6dbd7eb315f3e344036e3d185ae3a5b03dbc759fa5f8cad38a579000000000e80000000020000200000008828f4a69878f8e55eab0801de5615337416f68192a6e7e557152c9f8e732e29200000006f76e8d77fdf4a0baed727bc606d9068ece006470e5251184a739176b5ae30d540000000e38dafe091a885647392d54ef19d410eaeaeac52d9aa0dd524864f4106a63c78fc2bf0086b61e8253da835649455156bc718adcb2c857a9bc5d1266d96425b16 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3384965989" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3386060086" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c47000000000200000000001066000000010000200000003348a9ae0bd7364bb836ffce8225a6d6b19de0dd2b5a5e044b39cc8b26ad7572000000000e8000000002000020000000104948fecd2498d5548375b214af9ab1c26eca86c49fc35554c9c7721d52634c200000007a74d9dd336f2f91f062ceb29450aa412c8a317df7d914b83fda2c15e90f6a8540000000c45a9ffe0bcf2a90ebcf477b47de3bf6164ac7647774100e277376cd450f539e997334bf9c9a33b8196ee5e21804d831a9e291a190fb7960d79160f8bd42599b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 6367109fb103da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F459D66F-7F4C-11EE-91E2-7653DF904252} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406332874" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3386060086" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mintegral_jscommon_authtext.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:17410 /prefetch:2

Network

All connections in this run go to Internet Explorer's own search-provider and update hosts (www.bing.com, tse1.mm.bing.net, ieonline.microsoft.com) on 443; the remaining lines are PTR (in-addr.arpa) lookups via 8.8.8.8. Nothing here relates to the Android sample.

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.52.96.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp
NL | 104.110.240.112:443 | www.bing.com | tcp
NL | 104.110.240.112:443 | www.bing.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 8.8.8.8:53 | 112.240.110.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.2.85.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 126.24.238.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Temp\KnoF8F6.tmp

MD5 002d5646771d31d1e7c57990cc020150
SHA1 a28ec731f9106c252f313cca349a68ef94ee3de9
SHA256 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver5A60.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5A2S7N8\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral8

Detonation Overview

Submitted: 2023-11-09 22:05
Reported: 2023-11-09 22:13
Platform: win7-20231020-en
Max time kernel: 135s
Max time network: 131s

Command Line

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2

Signatures

Modifies Internet Explorer settings

adware spyware

Note: as in behavioral7, these keys are written by Internet Explorer's own processes (first-run state under Main, TabbedBrowsing, Recovery, DomainSuggestion, IntelliForms, PageSetup and Toolbar) while it displays the local HTML file; they are browser noise on the Windows 7 host, not activity of the Android sample.

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e955b35913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEB92E01-7F4C-11EE-9877-62F381BBBBA9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd5000000000200000000001066000000010000200000007acc338f2bab53403c3632590b95de20e224579a269dcd1a0a2f0fbe7f43a9cb000000000e8000000002000020000000a66b5bf5b9ec93d9136eff4f0b0e7e5e75a0972b6be4d55628560e093cd792e2200000005a6b8c1109e9cb2a86bc13af2a514acabafc3eb5b4b4d48504708b4f080231ca40000000f04433122404a3684035be39e4785278cce1b31cfc81ea6a088605c9e44502c5dbee46c28948cbd62dba0c4707baa0ba1074b0b11bfafe8bed3268ecedfef8fc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd500000000020000000000106600000001000020000000419ad98a2127788893da4c3fe2422108282ac5fdc8411e8025299e22b116af5f000000000e80000000020000200000004480fd8eee781c230ffcc5563f2d4291d6910b844428d2b708a2c933539a461c9000000005d7d259274b8802d3867e0bd55b5792caf71d07ec146de5917eb791be34ffa846e42741bdb550bc3372370548e3ea1850b877de7ce49d1d1c6dd93d6bbcb6e40dcafc317cf774413ef9e62a41e50b86bcf453f8e0faebba127de5c146e080b3fb0230dd90ac8e1363e3cb86a5721deae026fd0180a3fe682a20d685cabc489b1f3d35bad706c833c40497fd7c5ef8bc40000000f6b042ba2ebf935d83b5ea816d45dfd501bfd5898ac67ff5670c3b67c0993273b8c0778c8ad123c6f39ddf791393fc34bc5151ab31e43cd59b0c68020d8edb28 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729730" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_movie.html

Network

Country Destination Domain Proto
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab62BA.tmp

C:\Users\Admin\AppData\Local\Temp\Tar637A.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral9

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:13

Platform

win10v2004-20231020-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_movie.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3176259915" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406332854" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003b97c1da6bd61743bfb3911f85184de200000000020000000000106600000001000020000000067d28263b2d5b5b002a451506747e33711da5bcea69212575c9d3155c3d8128000000000e800000000200002000000018c4e13111644dc795dc07c6cc576db2c7cb38d60aa65e742fc968ea306fb21f2000000023baab28936a7e0e2078371dfd2a76ab5bc7874f5b9228f782df68f7173d88c14000000015de532a75efe1f5fd5a45f55520b60abf913dbe12fe2a75dab8e5d452fe517c9d99a7e2518bc2d08c08c8271f9cc99147c0d0bfe370ed7918438927dd129d6e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3046729136" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003b97c1da6bd61743bfb3911f85184de20000000002000000000010660000000100002000000032abc82f786954c9c8e0562d6ef3ef603994f7411f02ddb696ad8c3781474f80000000000e8000000002000020000000a351fad46a6f581983d2bcc133dfe3aa977da161bf783279b392cd118df68878200000009d65cab2d83233e29de559bbad57d8d2d9907e01834573f3ee0d1e0828bf55e1400000008cc32675fb1049aabeeb4be640960fe7a1a4795fa2b18b68ba64cdca17339e06da6b3e4a4e77c639d783857a344082c5c1b533268e243161a6f224ae4e66fb47 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3176259915" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E0470881-7F4C-11EE-BDA1-5A18E6D98FED} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6095b0bb5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3046729136" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0896db65913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_movie.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4948 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 198.52.96.20.in-addr.arpa udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 113.208.253.8.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver4205.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XQJAPFBD\suggestions[1].en-US

Analysis: behavioral12

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:13

Platform

win7-20231023-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 709e97c05913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca410000000002000000000010660000000100002000000084f6b741e7e78a1c8636fd5a110295dc22f15cf7ae0056385dd315f1d42b9946000000000e80000000020000200000008ae665b5f74e40a713e0e073d886d40d2523b1064a69e656cb11793b62fdf38220000000a754bdf4c42b4b535bf8bc64aaf833529214b7b6352327618c6f688c844a0d4f4000000078afcf96ed83f610c688fa618197282600c644d6f371b36bd9a4e840e127b43921d1840e9cd51e0e310847a2fa67bd74f983b0c4b2cb30f396272cf420be2ff5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EBF852D1-7F4C-11EE-9AE3-CA8DA7255242} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729752" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_search.html

Network

Country Destination Domain Proto
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral14

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:16

Platform

win7-20231023-en

Max time kernel

142s

Max time network

234s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch_loading.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{545CEED0-7F4D-11EE-9061-7E017AD50F09} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5ea254cbc3cc499365b391a5fd6692000000000200000000001066000000010000200000001f40a86e0e6119cbb0a55c718455186c18b6c4600e407cf619c45c17d9eab750000000000e80000000020000200000004c5a1c77007f6642c4e7cd7ee85621243b2e3f7434da629acb59b0a3d2a05664200000000ebb361ab1873c09951c691e97cd47782310590fafc30ffc4c878a86f8203424400000001a6aeb2c3fcef62700954ee13e54ddc774aa0c238829c962b0c3324cdbbf6c49755c102027b6dbd424f84f35a7b3d38182dd8c881e1d8eb980419dced7567de2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70109d395a13da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729928" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch_loading.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral15

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win10v2004-20231020-en

Max time kernel

142s

Max time network

157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch_loading.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0372D1FA-7F4D-11EE-91E2-DEC477A2A3C2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0372D1FC-7F4D-11EE-91E2-DEC477A2A3C2}.dat = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch_loading.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3796 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win7-20231023-en

Max time kernel

135s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ytaplayer.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729796" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13563" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13563" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bd80dd5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79072038c960342ab421b8facb933e90000000002000000000010660000000100002000000088af7c0a8fd750e8ff0af0d3cb3b5857c7e8a2f70128b3c6dcebd5acbf1fc512000000000e8000000002000020000000d78caf0195d72d12e6e4083d01d2f52e6bd79b7dbf11f49d9c3d08e4b5a3eb48200000008e01e9d45bafad3dda22ffb82948dd89cbfd91dd31c0d9a4caed64937d8d3e92400000006a763a66ae84b9e5625d373afc8d05072df03b32a397f8a4528ded1aefbff499ec9e6d904d054c223db33b830a77215eaedba19f0bef74e7d1cf77d3b9101c51 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13563" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05AD4191-7F4D-11EE-A6E5-6AB3CEA7FED9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ytaplayer.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3D342U63\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\CabA5D4.tmp

C:\Users\Admin\AppData\Local\Temp\Tar9D3B.tmp

Analysis: behavioral20

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:15

Platform

win7-20231023-en

Max time kernel

120s

Max time network

146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer_diagnosis.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer_diagnosis.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:13

Platform

win7-20231020-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\medialib.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\medialib.js

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:13

Platform

win7-20231023-en

Max time kernel

134s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_online.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729751" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB27A4F1-7F4C-11EE-831E-66B1403A5360} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca41000000000200000000001066000000010000200000003f941ccba589e7b99e6f555020bc80d9bd9df1432c3e0e3539791f1ca0231370000000000e800000000200002000000073e8995d9c9c81424e1fd6650ed72607654ea2768e8dac6bef3fea7107a2c88120000000f53979ebcd8bb0dd3f2c92913a0c0ed7c4d5eaf87c4cb803783aff078be436b940000000e2283314611c1da5770c48347030b49f654ed75ff3bf7e17e511f76e8d586450e68ea46249cfa2d9b2df0592e7328607289d808e341d5add9a9900e34e1c0f47 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b054edbf5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_online.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabB51E.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarB570.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 996850d96629271a33b98bd7af642dd1
SHA1 68ab9c6fe6cfe6be172d811e88d06bb64c12e142
SHA256 0860c4d593abab462976df52ab18d3b044fecd112ebb319c6c50cd1f37183220
SHA512 42574bb4bc6c2575a1039113c47092c2523100685596901563f7022f24588b884ca533ca9a94b6d985bde0983526f4514de555e6f5e96039f0a4363ebd1d4a1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f42ae37b0fc19144334be6e6b66186fe
SHA1 660c440958e8b35f2550aaa1209f71b53b81b100
SHA256 a40cf20589f04c0d69b52a8d10dc9516fef226fcfa3b11a0e073a2f80eb57c19
SHA512 5a89d755fc0c979d1777961d88f7bf51efe514dae854283efcea1f4c4ea3ab44d2395d3c5656253207209994ff42263620e4906bb4e268447f2a856d9e9e5fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ab9e0668a7751ea81ac178d7ec75893
SHA1 3a653408d8e10d1cda7840ff7aa600d2f3c08bbd
SHA256 00949abc74f49c3c55c83efc68b20896081b8658f5b83703f0551364e659d313
SHA512 6d2f5bf2e069bb569bde79d945570ad7c21b6460de313958b5b39b3e9bfb1e16b79fa4b9d469a5235cfd66331335efbdb056774a693a62a6c1324cf5719655fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9a5764606a29b82b908e50efc7dc1af
SHA1 458f512efb27fd68ad6650aaf2f8a42cb2ae663b
SHA256 5077c942b5ee6b8586471b4c0d22354f2641b3be1de23a3f7899cdec227ae569
SHA512 c503f7ebebc5feb855f33cf673dc9cb9db566ea9dda63887955ebe75c491a82b9144fd05bfdc0d5f6b8080987d6ad0a5ffd29afa4a1161efe9cf6438768563e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5e1b0e63d3958a9daa3999e88b02ae5
SHA1 dc3dbbd33c9e92abe2da9eda4ea37f80071b1916
SHA256 66c0eda2d944a99aa566f52a1024a5705fcb56556bd66909a50f4fe43f1eb52a
SHA512 be5eea820c107e980c85909a15bf4f35a6bf22400515635a545a69d1e4e743153b1944dd5f5b40d93565f180ece80e8b27d2c503ead45f2c65caf200fa6bdab2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81fbccd1fa8ce3153a715d9c59f9c4e6
SHA1 fe51edd846bbb839bf6d398fbe371df391a56c78
SHA256 aa8f99ec37c0bbaa9e81e52396fdd60824753dbe3ebaa09384ede227342268a1
SHA512 5fcbd9c2d718ec8c06f16cf2632d88ad3078db47c5c2e743b25e29401922493d515b76c338f7205eded833b64d6521bf8bc5a559e4fefafe463344a243d549d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a683fa9e693a276b240b090f80280c2
SHA1 10ed3358edd92402b42b0ea897f04e14242ca7cf
SHA256 1dca51d1569c3d8b1285f6d26cd7a6fe6bed172675d9e558326dbcd4e5d45b40
SHA512 f89efb4f933cd8ccdf783f25890a6a7d4394b5f5d1b9be70e477644130de376ba5ad1c43e6ea6e5fa62e69b7f82edb02517e1c8ea4e257724778758fcca60266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21ba9a223e68fc494a23fa6d30c662c9
SHA1 7b6e8397654f38a4e1f6dc090f63185e75b0494a
SHA256 c8c39ce7795420ea3a7b5c97a0ae872accb28653c04515333f532edaf141d3c2
SHA512 f39da20adc7160a4cc7a8f963e919684f3ff04e52541a54b9371ea339f31a64eeaf756b19da0b028eea56829f0ea2bbbacdf450d890d88571ebde2d6cabd0d24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61f752a1be58a488e6b6a6837032b534
SHA1 831e45e1a0f01b01d272fb08df90419ae08eb468
SHA256 619c76906cc11eb63c4ed1bebd37c63f0cf9db96906bb7c90c425d811117c418
SHA512 1436d4c775e7d01d8d1cfca61f3e2620c3c41dcd6b61f89ddf5751dd1384296a44045e92577cea34e305757a3f868f5a8508d4926707de603d19952ceef16a0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ab5cfdb6e4c66d335c5212ee1c798a6
SHA1 992100d6ac0a20253e7a4d3e3be99a6edb113786
SHA256 a83ac2e0f40e11aaa794602119a05b1415eb8c1257df52269ab7deed205fec66
SHA512 4376eab9d82430ad441022f48912bcd963b5c73a51bc8cc0f2832d248a93f096943169c27752be06ad19a9e279b5f08fc694b0ecddbd00f62d1cfeb2c96007a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aece599547403f29c19c559f5758da8c
SHA1 7394710953027ae9739c984befbd49bdaee8add8
SHA256 dc42b4cac5317c5ff581e930884e09aec2b22dd1a91419ce145e9aacc40bcc99
SHA512 821d325505b066c3725a9a72e21b2701fdd6bbf3c8e9037474c3b7698b99b08c61958a52687eca47697f19c39f92d5f70196a26132958042aa2d752802d8115d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daf85a9539ec4484203b45af338d5301
SHA1 0f81f25630cbbcc2c71347998bd5361505d708b6
SHA256 2e7c9006aa2e7567055b80de3fbda1e0f80101887cbb198314e916ceaab4f779
SHA512 e126d9da92659482218b6d1952c97f6364e75890166e2acb03ee12a93e590aeab31d1b41601de16e45cc7b7c73fae5166a616eebaff2e3780717a5ae54497889

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdd282cd7feeb79e88838a0d172707d6
SHA1 81460c5a9cf5773b2f2f7d014c9fe7a8eff69365
SHA256 ec6ab782bfe017540069c33fa2184147bf9b0db64b25efd09edc9922a508157e
SHA512 ca4aabac40714a8f32dda2cc586ac1d7db1d9b7520909ae3a5885a493bdced7ae26937c6df947d74ecaedefffed74616155a5561c192d7e3caf2dd2864c1bebc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a02f50ae50d55c434cbc186745a85b73
SHA1 84f7245af33017f26ad1dde02e00a3525d92a1c5
SHA256 6cfec91fea299e43cc1833c93c5d2f43cd78e4f8a8f06cf7716eda052412a59e
SHA512 5a68ce05465beb6eca31ce0adb74d4f2f37f3591c4842299bd0ce1b373046d69173171bd9f83e29ba453d7cd20157ef7dc2ce883b0da54f0cc0e33e52933bb37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a51914e52aefb995f8c14cc67c372e2c
SHA1 429d70c5fa7d53b81bb76c7cdafbd6543286bff5
SHA256 fd5525ea656fd962ba19c5705ed7fb43e1a0c17c050cf034e35420936728fbfe
SHA512 3cfa3cae94579de4eac9f70b50812589e81ff473dfb04e34d6279b369414807870f257bdf402ae1fffb1a0a3e8224effc8e08f03ef32ebe5ed6f8be45ebad603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dc41b060f5d73839a998eb4b6475970
SHA1 dcad32c523035c9bde1ae84ad505c3c6ab5c2a06
SHA256 6b6f0aca6dfde758108123a614e8391c4da25fdaa35c3560b971f22616c85213
SHA512 1c5e26bb206fa709a6782775594285415318c472bf1a4d035a52f6fbfb3b72ba035fbebcc9af4fab207f475f885754732c49910eed40365602043a9986c2ee22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a92a77a6f4e545b4682ce66391dfa5b
SHA1 5a79948f91bdf23ddabae0a6f3701a05c1075c26
SHA256 52e63ac915997d39dfd576223557983c94c17014defba8677d447308f7a7276b
SHA512 87c92deda1aa49286d24f3cebf9dedf0298868e409b4173142e4dc573cabe146989fd06579cf42a6dab33b5cefc955e5650a950244d8a4474f87a336ea9093f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 141b5218f6ba77f22fb4f63c439f1178
SHA1 4d0c7a9c49cc19a90ce698bb936a1207eeeaac16
SHA256 91ac8b9d0860f6f3eee4e3d4b2dfcfdd840a1d8ed5724fd91687dbc42a158da2
SHA512 da8365165d6eab9ffa52a1b7821c03b56de0ef1d7edd98164f3000cd53e84424aa2299e6a313de6cc0f7fa5a4a548c148fcc095d1fd6254677cdcd0ead1b2da1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a34d8aabf5ec287cda5397be5ea1fc59
SHA1 76bae95984ea1c3911a75226bd8111049df228e1
SHA256 b14f0f2374894994a318b9fff04ffbdb1acd8361f124a9ce332758e7266b283d
SHA512 c939227ec7d354f33d90277d457adce6e61e16213491d6f6e1135c1f29168cefea51b7099d61ac5b6e9619c3752e69f8a068dc316b17029a23f700fd840dd55b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b2bb2f808b54b9ca6f89cfe224b8ee2
SHA1 3cdbe3484aa98b2a70b55c45a7df3c71c1e697d5
SHA256 f1a31f38599755711cb657f488b73e5a5c93d54c83a5b59197aa544a7c634625
SHA512 d8e02ff5c052f1d65f607018c7c613a74dabdb5f651ed7db4ab834389e54730ee05b30ecdaec7119bc8097a8d99e0d122fdd7ac0170dbd6781fe0f0bd3d2e01c

Analysis: behavioral11

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win10v2004-20231020-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_online.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02851da5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 6367109fb103da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3610102821" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c47000000000200000000001066000000010000200000002a0bb6b23bc23e3877e838c2ea071e9903dc776a73e41d758fcd3e731fde1ae6000000000e8000000002000020000000bebd3ae7d86602ab80f0988a95d4aca89f9020f8c9c090e0e1550d7032ceef3e100000003fd22dac2209bd3bbedace926d9187c7400000008630bd4283f8c8a53ed27c4e824da2de92c51bd19893cbe030dfc8e665034d49ad78b305c4ddf7515a12109caf348b57fbf3bba26e53a05fe335ca1360b7d398 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3610102821" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c4700000000020000000000106600000001000020000000ae5036b11b91036571268dd2f8b6611e44bc285bbc3b87a8ef4d4a0af1614767000000000e800000000200002000000040e4bb700d6528a1ac2627b4b2a91744611a54105e7be0d20cb5ff685fcc19b4200000001ebc89443458d0387663eb3f6ef9a3c24f049c0bce846e803902f2e159849cc3400000003a515d0166e9ef46b7f89efcfb91d18d91ec554ff1503ca6a17ecb2d58cccc7dccf136f9f86a4e3db01d1eba4e4eb537ce6082b8cf5881da1f06443732df5b34 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c470000000002000000000010660000000100002000000085bb092bf988edfcfa663d5e5a8ce878958faa4c74b15249ceb1808adb6999e1000000000e8000000002000020000000a25a708f7839a3da294eb424dace174826253d31d59ff4b9e720853073ab82ee2000000059a129cd00affcfd02fda52f5ffd1e9706c3d1f16682c963a74bf2c4085eeba4400000003eb9282a27d9d472597dcf81475630e5c75175819a022acb4c1c55e19999ef89f4fef67923100e0ae83abf46f0279d553778bf159c186ff3f28f132a27afb551 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{01A601B4-7F4D-11EE-91E2-CE69B3638587} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f722db5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406332896" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c4cc62da77d25b48a952cb775bb65c47000000000200000000001066000000010000200000005aaf0b66052dbfd236ab08022c5cc27de70c7edb7d8860a24c57a79d76429da8000000000e800000000200002000000027cc633b00610b524249410ca3abf54c7a15b77172f248b099ebcf2861469c7c1000000065777675246f227a7aa5fef99208062f40000000d01dd7485e7de4b56bfec949495153f74674c2e43a61f08e42310f25adac245d21bbc8b4241daa34f5a86542306b43c1942dbb6f170ac87cbb738acef2b51120 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3611665297" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_online.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:224 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 198.52.96.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 183.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Temp\KnoB4E8.tmp

MD5 002d5646771d31d1e7c57990cc020150
SHA1 a28ec731f9106c252f313cca349a68ef94ee3de9
SHA256 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver7DB.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5A2S7N8\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral13

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win10v2004-20231020-en

Max time kernel

131s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_search.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F71AD6CA-7F4C-11EE-88E4-42F2BBAB6F4B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b1c1d15913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb910000000002000000000010660000000100002000000019dd8e3a0491047135200eb5c39a0317dd7e972b2387f973f836a1f534ff410d000000000e80000000020000200000003086845a542b921005a59054afae01d868fa71536949d92d5041cc143bd0ac5020000000102505faf1bcc79ed179b24371ea10f3e98dccb00e82c073853fe9bfdc9690dd4000000073dd080633f09e83a556ddfd4c5641928784f185c004ed64a79e40359ee64d895eec44c6acf83038633a7ba5c730039fd7d073bb46df875b2a38671cbad1bdd7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406332897" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3455857659" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d777d15913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3455857659" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000d41cfee86748b3cd83b26c99858990dbbc7baa12113e5257445a4e13497c2705000000000e8000000002000020000000709e4e24932b3498ef9a457f69b7c68e9ffdf00782b057ccff23b0548e2991b820000000e28fd6e18fcf166f602ed7465eab71d9fad926b9f173baf3f24edb2133c0d8dc400000000e8f3b86e85d4ee46f5a09c9340a8b813013310ea8fc4d5ac7481e5843666cbe3b8eb619f0b28fe20e36c82c0fe479025d47eee4bb8a4865550538c587211074 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\parse_search.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 222.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
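Most rows in this Network table (and in the other Network tables of this report) are reverse lookups of Microsoft address space against 8.8.8.8 and Bing/IE online-help traffic that an Internet Explorer detonation produces on its own. The helper below is an added example, not part of the sandbox's output: it parses rows in the table's own "Country Destination Domain Proto" layout, drops in-addr.arpa lookups, drops hosts on an allowlist that is an assumption of this example (bing.com, bing.net, microsoft.com), and separately reports names that were resolved over udp/53 but never connected to. The embedded rows are a subset copied from the behavioral13 table above.

```python
"""Triage helper for the Network tables in this report. Added example, not
part of the sandbox's output. Reads rows in the report's own
"Country Destination Domain Proto" layout."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple


class Flow(NamedTuple):
    country: str
    dst_ip: str
    dst_port: int
    domain: Optional[str]   # None for rows the sandbox logged without a name
    proto: str


# ASSUMPTION: hosts an IE detonation on this sandbox contacts on its own.
# Not from the report; tune for your own environment.
BACKGROUND_SUFFIXES: Tuple[str, ...] = ("bing.com", "bing.net", "microsoft.com")

# Subset of rows copied from the behavioral13 Network table above.
BEHAVIORAL13_ROWS = """\
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 m-videobuddy.ssl.n0909.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
"""


def parse_row(line: str) -> Flow:
    """Parse one table row; the Domain column is absent for unnamed flows."""
    parts = line.split()
    if len(parts) == 4:
        country, dst, domain, proto = parts
    elif len(parts) == 3:
        country, dst, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dst.rsplit(":", 1)
    ipaddress.ip_address(ip)          # rejects garbage in the Destination column
    return Flow(country, ip, int(port), domain, proto.lower())


def parse_table(text: str) -> List[Flow]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def is_ptr_query(flow: Flow) -> bool:
    """Reverse lookups (x.x.x.x.in-addr.arpa) are OS/sandbox background noise."""
    return flow.domain is not None and flow.domain.lower().endswith(".in-addr.arpa")


def is_background(flow: Flow, suffixes: Tuple[str, ...] = BACKGROUND_SUFFIXES) -> bool:
    if flow.domain is None:
        return False
    name = flow.domain.lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def review_queue(text: str, suffixes: Tuple[str, ...] = BACKGROUND_SUFFIXES) -> Dict[str, List[str]]:
    """'review': destinations that are neither PTR noise nor allowlisted, in
    first-seen order. 'dns_only': the reviewed names that were only ever
    resolved (udp/53) and never connected to, which deserves a second look
    (NXDOMAIN, sinkhole, or a connection the sandbox did not capture)."""
    flows = parse_table(text)
    connected = {f.domain for f in flows
                 if f.domain and not (f.dst_port == 53 and f.proto == "udp")}
    review: List[str] = []
    for f in flows:
        if is_ptr_query(f) or is_background(f, suffixes):
            continue
        label = f.domain or f.dst_ip
        if label not in review:
            review.append(label)
    named = {f.domain for f in flows if f.domain}
    dns_only = [d for d in review if d in named and d not in connected]
    return {"review": review, "dns_only": dns_only}


if __name__ == "__main__":
    print(review_queue(BEHAVIORAL13_ROWS))
```

On the behavioral13 rows the only destination left after filtering is m-videobuddy.ssl.n0909.com, and it appears only as a DNS query with no follow-on TCP flow; the report shows nothing beyond that lookup, so the helper flags it for review rather than labelling it. For the Android tables, pass a suffix tuple that covers the Google Play/analytics hosts you consider background.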

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TG5I02RO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral18

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:15

Platform

win7-20231020-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:18

Platform

android-x64-arm64-20231023-en

Max time kernel

3056216s

Max time network

168s

Command Line

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json N/A N/A
N/A /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.202:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 172.217.168.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 androidplayprotect.com udp
NL 142.250.179.202:80 play.googleapis.com tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.14:443 android.apis.google.com tcp
NL 142.251.36.14:443 android.apis.google.com tcp

Files

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 94ed43749f0815cd8769018d6e46d52b
SHA1 95d9b6e732ca90727e53ad19d4b99f7bdd1f4492
SHA256 3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c
SHA512 bce3f79133f5829156088e25be5f8a337b7beb3ca33d118aa6a7c59bbbb2f100de5e73359924475189a376976f842ac2f93ca2415c7e356b1a470af58eebff73

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof

MD5 d5ed041f69b8acd0701e23356e73d150
SHA1 a399bb9927188d304390f3479ed0a71a90f967a5
SHA256 5de8bac5726d95a1f744a8d66ea0c6e6f66a2874e21ed0cf7d3a63f185751d4d
SHA512 19508f910a692a78649d1c088c77fabc1cc91af49eaf16cba57d76323883e0f072451d88409028ca3fada307beff73e7831e6eafa6a7697e46eeaf6e8f56e818

Analysis: behavioral19

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:15

Platform

win10v2004-20231023-en

Max time kernel

139s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 222.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 48.192.11.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win10v2004-20231023-en

Max time kernel

93s

Max time network

149s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer_diagnosis.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ytaplayer_diagnosis.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:17

Platform

android-x64-20231023.1-en

Max time kernel

3056179s

Max time network

162s

Command Line

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json N/A N/A
N/A /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json N/A N/A
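The Android signatures listed for behavioral3 and behavioral2 above (accessibility-service calls, launcher-icon removal, dropped-DEX loading, and in behavioral3 the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS intent) are runtime observations. Two of those capabilities have to be declared statically: an accessibility service must be a <service> protected by android.permission.BIND_ACCESSIBILITY_SERVICE with the android.accessibilityservice.AccessibilityService intent action, and the battery-optimization prompt needs the android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission. The scanner below is an added example, not the sandbox's signature code; it checks a decoded (text) AndroidManifest.xml for those declarations and lists MAIN/LAUNCHER activities, because hiding the icon is done at runtime through PackageManager and is invisible to a manifest scan, so the analyst needs to know which component to watch. The sample's real manifest is not in this report; the one embedded here is constructed.

```python
"""Static manifest check for the capability set behind the Android signatures
in this report. Added example, not the sandbox's own signature logic. Input is
a decoded AndroidManifest.xml (for example apktool output); the manifest
embedded below is constructed, not the sample's."""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS   # ElementTree spelling of the android: attribute namespace

# Real Android identifiers behind the two statically visible capabilities.
BATTERY_OPT_PERMISSION = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
ACCESSIBILITY_BIND_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
MAIN_ACTION = "android.intent.action.MAIN"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed manifest that declares both capabilities plus a launcher activity.
CONSTRUCTED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def scan_manifest(xml_text: str) -> Dict[str, List[str]]:
    """Return findings keyed by capability; 'launcher_activities' is always present."""
    root = ET.fromstring(xml_text)
    findings: Dict[str, List[str]] = {}

    permissions = {e.get(A + "name") for e in root.iter("uses-permission")}
    if BATTERY_OPT_PERMISSION in permissions:
        findings.setdefault("battery_optimization_bypass", []).append(BATTERY_OPT_PERMISSION)

    for svc in root.iter("service"):
        actions = {act.get(A + "name") for act in svc.iter("action")}
        # Either signal alone is enough: a bound accessibility service needs the
        # permission, and the action is what the framework matches on.
        if svc.get(A + "permission") == ACCESSIBILITY_BIND_PERMISSION or ACCESSIBILITY_ACTION in actions:
            findings.setdefault("accessibility_service", []).append(svc.get(A + "name") or "?")

    launcher: List[str] = []
    for activity in root.iter("activity"):
        actions = {act.get(A + "name") for act in activity.iter("action")}
        categories = {cat.get(A + "name") for cat in activity.iter("category")}
        if MAIN_ACTION in actions and LAUNCHER_CATEGORY in categories:
            launcher.append(activity.get(A + "name") or "?")
    findings["launcher_activities"] = launcher
    return findings


def risk_score(findings: Dict[str, List[str]]) -> int:
    """Crude weighting (an assumption of this example): accessibility abuse is
    the core banker capability, the battery prompt is supporting persistence."""
    score = 0
    if findings.get("accessibility_service"):
        score += 2
    if findings.get("battery_optimization_bypass"):
        score += 1
    return score


if __name__ == "__main__":
    result = scan_manifest(CONSTRUCTED_MANIFEST)
    print(result, "score:", risk_score(result))
```

A hit on both declarations does not by itself make an app malicious (legitimate accessibility tools declare the same service), which is why the sandbox's runtime signatures above matter: the combination of an accessibility service, launcher-icon removal and a DEX loaded from app_DynamicOptDex is what the Cerberus/Alienbot detections key on.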

Processes

zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 androidplayprotect.com udp
US 1.1.1.1:53 androidplayprotect.com udp
NL 142.251.36.34:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp

Files

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 94ed43749f0815cd8769018d6e46d52b
SHA1 95d9b6e732ca90727e53ad19d4b99f7bdd1f4492
SHA256 3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c
SHA512 bce3f79133f5829156088e25be5f8a337b7beb3ca33d118aa6a7c59bbbb2f100de5e73359924475189a376976f842ac2f93ca2415c7e356b1a470af58eebff73

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json

MD5 aad1c304c9388c9be1982ea100161c30
SHA1 546dbe1713151ec62ee42d27701bc8d1417c425c
SHA256 2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79
SHA512 7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

/data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof

MD5 d6e336c37d4433642f95619dc3b249e7
SHA1 4890a284787408eed04b9857274419ac11c1edab
SHA256 e6633a6249ade8a33dfd9fd36d3848f5538b9552cd17c0033296422a3d025978
SHA512 8685d8fbea4a17e7f74e4856933e307dfab568a038090b6808a93351b942dfa731621ad888b20ff2a2ff457cafc812be41201fff696edcf4fe774ef599ed2500
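The Files sections for behavioral3 and behavioral2 list app_DynamicOptDex/rlbxJMZ.json several times, under two spellings of the same directory, with two distinct SHA256 values (3c552dd4... and then 2ab80dd9...), and the "Loads dropped Dex/Jar" signature names that path. The report does not say what the file contains, only that the runtime loaded it as code, so the .json extension is the sample's choice and a practitioner should type the file from its bytes. The helper below is an added example, not the sandbox's tooling: it identifies DEX and ZIP/JAR content by magic, checks the DEX header's own file_size against the bytes on disk (a mismatch indicates a partial write or trailing data), and collapses the report's repeated rows into distinct contents per path. Facts it relies on: the documented DEX header layout (magic "dex\n" plus a three-digit version and NUL; file_size and header_size as little-endian uint32 at 0x20 and 0x24) and that /data/data/<pkg> is a symlink to /data/user/0/<pkg>. The DEX bytes used for testing are constructed, not taken from the sample; the path/hash rows are copied from the report.

```python
"""Content-based triage of the files this report flags under "Loads dropped
Dex/Jar". Added example; not the sandbox's own tooling. The DEX test buffer is
constructed; the (path, SHA256) rows are copied from the report."""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

DEX_MAGIC_PREFIX = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"
DEX_HEADER_SIZE = 0x70
PKG = "zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_dex_header(data: bytes) -> Optional[Dict[str, object]]:
    """Return version and size fields of a DEX header, or None if not DEX."""
    if (len(data) < DEX_HEADER_SIZE or data[:4] != DEX_MAGIC_PREFIX
            or data[7:8] != b"\x00"):
        return None
    file_size, header_size = struct.unpack_from("<II", data, 0x20)
    return {
        "version": data[4:7].decode("ascii", errors="replace"),
        "file_size": file_size,
        "header_size": header_size,
        # Mismatch = partial write, or extra data appended after the DEX.
        "size_matches": file_size == len(data),
    }


def classify_payload(data: bytes) -> str:
    """Type a dropped file from its bytes; the extension is attacker-chosen."""
    if parse_dex_header(data) is not None:
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip/jar"
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-like text"
    return "unknown"


# (path, SHA256) rows copied from the Files sections of behavioral3 and
# behavioral2 above, in report order.
REPORT_FILES: List[Tuple[str, str]] = [
    (f"/data/user/0/{PKG}/app_DynamicOptDex/rlbxJMZ.json",
     "3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c"),
    (f"/data/user/0/{PKG}/app_DynamicOptDex/rlbxJMZ.json",
     "2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79"),
    (f"/data/user/0/{PKG}/app_DynamicOptDex/rlbxJMZ.json",
     "2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79"),
    (f"/data/user/0/{PKG}/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof",
     "5de8bac5726d95a1f744a8d66ea0c6e6f66a2874e21ed0cf7d3a63f185751d4d"),
    (f"/data/data/{PKG}/app_DynamicOptDex/rlbxJMZ.json",
     "3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c"),
    (f"/data/data/{PKG}/app_DynamicOptDex/rlbxJMZ.json",
     "2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79"),
    (f"/data/data/{PKG}/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof",
     "e6633a6249ade8a33dfd9fd36d3848f5538b9552cd17c0033296422a3d025978"),
]


def distinct_contents(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Collapse repeated rows to path -> distinct SHA256s in first-seen order.
    /data/data/<pkg> is a symlink to /data/user/0/<pkg>, so both spellings
    are folded onto the latter."""
    out: Dict[str, List[str]] = {}
    for path, digest in entries:
        norm = path.replace("/data/data/", "/data/user/0/", 1)
        seen = out.setdefault(norm, [])
        if digest not in seen:
            seen.append(digest)
    return out


def build_dex_sample(version: bytes = b"035", total_len: int = DEX_HEADER_SIZE) -> bytes:
    """Constructed, header-only DEX buffer for offline tests (not sample bytes)."""
    buf = bytearray(total_len)
    buf[0:8] = DEX_MAGIC_PREFIX + version + b"\x00"
    struct.pack_into("<II", buf, 0x20, total_len, DEX_HEADER_SIZE)
    return bytes(buf)


if __name__ == "__main__":
    for path, digests in distinct_contents(REPORT_FILES).items():
        print(f"{len(digests)} distinct content(s): {path}")
    print(classify_payload(build_dex_sample()), classify_payload(b'{"k": 1}'))
```

Run over the report's rows, the helper reduces the eight entries to two paths: rlbxJMZ.json with two distinct contents (the path was rewritten during the run, which is consistent with a loader that stages and then replaces its payload, though the report does not show which content was loaded), and oat/rlbxJMZ.json.cur.prof with one content per detonation. The .cur.prof file is an ART runtime profile generated when the code is executed, so its hash differing between behavioral3 and behavioral2 is expected and is not itself a payload. To confirm what rlbxJMZ.json is, pull it from the emulator (adb pull of the path above) and run classify_payload on the bytes.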

Analysis: behavioral5

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win10v2004-20231023-en

Max time kernel

144s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\medialib.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\medialib.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:14

Platform

win7-20231020-en

Max time kernel

121s

Max time network

166s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mintegral_jscommon_authtext.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac000000000200000000001066000000010000200000004547f0078d25c19e056590179c2ff9e780465472816b4716257d7f882367ed2c000000000e80000000020000200000008185278410bdc4b8236bbbde7b8a23d9564d3a8096b6d9a44a99a4537440c3292000000048754fd4b1fd3e87bb4d2054033803d1b87bb93e66d346cbb39db67fac2a0843400000005ad35192c7e85c95407cf04993cff353e2077b54d8126628db6a586a3f17c5c416bec726a5def5d28879d554d1e7c6709c01ce16f699b1504b07d7f1dc616f73 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405729769" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5F92CF1-7F4C-11EE-90CD-F6B55313AF05} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a127cb5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mintegral_jscommon_authtext.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE1E9.tmp

C:\Users\Admin\AppData\Local\Temp\TarE279.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral17

Detonation Overview

Submitted

2023-11-09 22:05

Reported

2023-11-09 22:13

Platform

win10v2004-20231025-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ytaplayer.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c673c30fa5e1df4483894e0a711271f90000000002000000000010660000000100002000000026ff9741a12dd60ad43ae1375fff2c7c0f6df797e87cb14e7b2c3190e0d0d9d1000000000e80000000020000200000009f60308de9aeded325fac251e435ae6df7c02f5886ac91bc6a724953b9f1948f200000006429990fc3be98d5d791915de630d80f2e421b7b6692c60b666675583238b9df40000000a6e628523808e9d68dc39cab229fe2cdba8b0e99822a9d6afc1a3b49ac8c6d4e6f4814ae69781d44ecc2e7d10ec0d562473c87981fad272bb7145f240d603c6a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406332864" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10340" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3141490230" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10340" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4016b4d45913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3141490230" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10455" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10455" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c673c30fa5e1df4483894e0a711271f900000000020000000000106600000001000020000000bbe6ba18eec5739fbe518cdc347d704eb837ba9ace03c28b35157ad3bf576346000000000e800000000200002000000056407b93e984e79f6109669a26773118ad4dd6b4ccfd611a1e1c111a3049c46c20000000412ff3d1a58729dbef3ba5c8d2d299f8d37387a2ebc43a158cdb8df868f3eedd40000000ff63e2f38583ab1b2a1aee8c8afe2594ed9c4f1687c01e2dcda1ceeb881635ecff81763dac0ce4168235af93c5dd5038935db6bb424632f2c56c82f1b4276a9a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10340" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E35C7EC3-7F4C-11EE-8286-6E2269FCF428} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10455" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069017" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907f87de5913da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{990B9B7D-1809-41C8-A9FA-B81C415285B3} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ytaplayer.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5048 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver12B8.tmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\O31OHRAY\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NF6NB1\suggestions[1].en-US