Malware Analysis Report

2025-08-10 22:50

Sample ID 240108-es18yabhd6
Target 4a6891d519b8988e2b6f37477f04908e
SHA256 e21ee3522f6a95767ddb9e975d48db72b9a7f04921fd117ecfedf26a362ff689
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e21ee3522f6a95767ddb9e975d48db72b9a7f04921fd117ecfedf26a362ff689

Threat Level: No (potentially) malicious behavior was detected

Verdict for file 4a6891d519b8988e2b6f37477f04908e: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-08 04:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 04:12

Reported

2024-01-08 04:15

Platform

win7-20231215-en

Max time kernel

146s

Max time network

153s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6891d519b8988e2b6f37477f04908e.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849063" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000ac21b28a0c85dff12404aee030e6f8d81b769d2080080b6ebfa78681dde55ca6000000000e80000000020000200000009c41f9c535f14c0faf1f1174d625a77707494e23ec3cadb998cd2b245310db73200000001296f5d7af64c9cdc771075d26bb1eb838e5efe118ec04cd49e9996eaba6357940000000e0f5e5ccedd0379be70f92b2d260ca975ca4e3e6461eac407fc5679f55bfc0dc593393d7e9275ca61cbc6961146c5b9072ba027d53def7bb84da27cd9e2c32ed C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206b2629e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000002a82151a8013cdde240b1a8e73cb06ace9c8998d8222455dbc42d67bf0be821a000000000e8000000002000020000000408f56e84ad1acbd9fa40c475c5a92d92d8112a28f7794a5038667b617a5b35e900000007fea1771799b18f3840c48dde091918e06e2e5090a76216177a89a1e733defa2871aae2ca0f3e7cbb043247d8093338d452b0d01bf94c6610c08b27876724cf44308788692794758afa607054024be76f5148acfce3d880316536dab69fab56d36c0bec6a9b893fc7f5689b4615245e47412eabde5b785972fad1410bf375c1116628780bdc55b7e4dc8aa04a8432fc940000000bb732afeada9e0f7ed3a3bfd68587d7ce65151a9015aab3eda215abed7a16e1832c52c20cdfa6c238e88c9afa507aebc31749c868f84d291bf3e431a04e8c7b7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B7E4F41-ADDC-11EE-9B2E-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6891d519b8988e2b6f37477f04908e.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\Cab6144.tmp

C:\Users\Admin\AppData\Local\Temp\Tar6186.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 04:12

Reported

2024-01-08 04:15

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6891d519b8988e2b6f37477f04908e.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc00000000020000000000106600000001000020000000e0d6a17e84df0bcab7b700ecd9cf257e33e9b0397db5ad7299034355088e6062000000000e8000000002000020000000fb1893a009c166d620022390106dd31e109164b3af0320b9acef88d9446620cb200000006512cbbc9e3c6d10596619a3245129920564d3439a4577c68d0ce0f0a5627216400000003820b9eb4f00e5e088b7b5670f8a2f5b8a46dbb67674aca0568bdad1aaa289f936952caaf34391277d0af41615106692907736fc0026eda9977111d666556821 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc00000000020000000000106600000001000020000000b14e883264a18bcc969c295322fa25529997911e66e5c320bfd9888ec36f5473000000000e800000000200002000000043a1d41297e90af56e8634b4aa339919d69de11a5618460d7a66d9c3547d9be3200000000336b007ea5cfbaafe7c97252e90180214c8b3410534af1febe59589fa77e8c340000000b6ed6bd4e09926e55bcfc868401281e9fc08697c12c193fd563f9822472b256997f4a0b8d5870fb893819ed2e580d4b43b39dc572a442277431925b8500ee2b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3C344917-ADDC-11EE-BCD9-7E4216712C33} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0eb4d25e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080937" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "282965118" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080937" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DOMStorage\website.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411452168" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "298766028" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fe6025e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "282965118" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080937" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6891d519b8988e2b6f37477f04908e.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\layout[1].css


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\emoji[1].css


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\js-loader[1].js


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\favicon[1].ico


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mtw0pfb\imagestore.dat


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\recaptcha__en[1].js


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\suggestions[1].en-US
