Malware Analysis Report

2025-08-10 22:49

Sample ID 240108-etyjfaahcm
Target 4a693a327ee359947d6452ee5825f850
SHA256 e865b288d561dac12a587681e609a93dfcee8289947c510a506a69a7ec815220
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e865b288d561dac12a587681e609a93dfcee8289947c510a506a69a7ec815220

Threat Level: No (potentially) malicious behavior was detected

The file 4a693a327ee359947d6452ee5825f850 was analyzed; no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-08 04:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 04:14

Reported

2024-01-08 04:17

Platform

win7-20231129-en

Max time kernel

147s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a693a327ee359947d6452ee5825f850.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a693a327ee359947d6452ee5825f850.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 04:14

Reported

2024-01-08 04:17

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a693a327ee359947d6452ee5825f850.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6FB72C06-ADDC-11EE-8184-F21AB124C203} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080937" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1156140250" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1156140250" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1150359500" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080937" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080937" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06e3048e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1150359500" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080937" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411452252" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000003478cd5c8d93d94055a906660db8503fbb88cf32456da4bb02444348f56cd73a000000000e80000000020000200000002a30cc77fa7fc03d3e5e2ab3f5d36d14947e7b32dd995a7ae50c3386cb09b47420000000f720fbb0502a64bd1ad11cd3dfb6710b579a79eac22639184a7cebb772e4a5de40000000739bcd177537a8e86c4a516acde38a3a6ffcca9a30da9353a15aea1478fc28b9193eb5c7ba596289f816ad0cdc681fe29618f3c67c4bab7897b1a1a357ad628c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000f1f5954ccd7a959cc86c5974afd3b8bdd19e767edf443a8bb56b5e4251e7f8ad000000000e80000000020000200000001333050b069960300d189bfd1a0ec183992f06aa4217058bddec73587b8f4ed820000000f02ec2278fb7fea5b3839bfe47118f6c98442d84abca197e7943cbeb4882925a40000000da33b47eb4620152e3b10f1fba1a4223e5e912214947661588af4494591e4726fcaf159dc71d8d60c2bfe6d101553ed2d4db0b5c45feecf4e80515e93985bf08 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0293548e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
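The three REG_BINARY values in the rows above are opaque in the report but have well-known layouts: LastProcessed is a FILETIME, Window_Placement is a WINDOWPLACEMENT structure, and each DecayDateQueue value is a DPAPI (CryptProtectData) blob whose cleartext header names the user master key and the algorithms used. The following Python is an added editor's example, not part of the sandbox output; the hex strings are copied from the rows above, while the helper names and the CALG_/SW_ lookup tables (constants from the Win32 headers) are the editor's own. Decoding them is how an analyst confirms that "Modifies Internet Explorer settings" here is ordinary IE housekeeping rather than a persistence or hijack change.

```python
"""Decode the REG_BINARY values IE wrote under the user's Internet Explorer key.

Added example, not part of the sandbox report. The hex strings are copied from the
rows above; helper names and the CALG_/SW_ tables (values from the Win32 headers)
are the editor's own.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone
from typing import Optional

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Every CryptProtectData output starts with dwVersion == 1 and this provider GUID.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG_NAMES = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800E: "CALG_SHA_512"}
SHOWCMD_NAMES = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}

# Values exactly as recorded in the rows above (DecayDateQueue split over lines only for width).
LAST_PROCESSED = "c0293548e941da01"
WINDOW_PLACEMENT = "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000"
DECAY_DATE_QUEUE_1 = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f"
    "000000000200000000001066000000010000200000003478cd5c8d93d94055a906660db8503fbb88"
    "cf32456da4bb02444348f56cd73a000000000e80000000020000200000002a30cc77fa7fc03d3e5e"
    "2ab3f5d36d14947e7b32dd995a7ae50c3386cb09b47420000000f720fbb0502a64bd1ad11cd3dfb6"
    "710b579a79eac22639184a7cebb772e4a5de40000000739bcd177537a8e86c4a516acde38a3a6ffc"
    "ca9a30da9353a15aea1478fc28b9193eb5c7ba596289f816ad0cdc681fe29618f3c67c4bab7897b1"
    "a1a357ad628c"
)
DECAY_DATE_QUEUE_2 = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f"
    "00000000020000000000106600000001000020000000f1f5954ccd7a959cc86c5974afd3b8bdd19e"
    "767edf443a8bb56b5e4251e7f8ad000000000e80000000020000200000001333050b069960300d18"
    "9bfd1a0ec183992f06aa4217058bddec73587b8f4ed820000000f02ec2278fb7fea5b3839bfe4711"
    "8f6c98442d84abca197e7943cbeb4882925a40000000da33b47eb4620152e3b10f1fba1a4223e5e9"
    "12214947661588af4494591e4726fcaf159dc71d8d60c2bfe6d101553ed2d4db0b5c45feecf4e805"
    "15e93985bf08"
)


def filetime_to_datetime(hex_value: str) -> datetime:
    """Little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_window_placement(hex_value: str) -> dict:
    """WINDOWPLACEMENT as stored by SetWindowPlacement: 3 DWORDs, then POINT, POINT, RECT."""
    raw = bytes.fromhex(hex_value)
    length, flags, show_cmd, *coords = struct.unpack("<IIIiiiiiiii", raw[:44])
    if length != 44:
        raise ValueError(f"unexpected WINDOWPLACEMENT length {length}")
    return {
        "flags": flags,
        "show_cmd": SHOWCMD_NAMES.get(show_cmd, show_cmd),
        "min_pos": tuple(coords[0:2]),
        "max_pos": tuple(coords[2:4]),
        "normal_rect": tuple(coords[4:8]),  # left, top, right, bottom
    }


def parse_dpapi_header(hex_value: str) -> Optional[dict]:
    """Walk the cleartext part of a DPAPI blob (nothing here needs the master key)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 48:
        return None
    version, = struct.unpack_from("<I", raw, 0)
    if version != 1 or uuid.UUID(bytes_le=raw[4:20]) != DPAPI_PROVIDER_GUID:
        return None
    mk_guid = uuid.UUID(bytes_le=raw[24:40])       # dwMasterKeyVersion occupies 20..24
    desc_len, = struct.unpack_from("<I", raw, 44)  # dwFlags occupies 40..44
    pos = 48
    description = raw[pos:pos + desc_len].decode("utf-16-le").rstrip("\x00")
    pos += desc_len
    alg_crypt, key_bits, salt_len = struct.unpack_from("<III", raw, pos)
    pos += 12 + salt_len
    hmac_key_len, = struct.unpack_from("<I", raw, pos)
    pos += 4 + hmac_key_len
    alg_hash, _hash_bits, hmac2_len = struct.unpack_from("<III", raw, pos)
    pos += 12 + hmac2_len
    data_len, = struct.unpack_from("<I", raw, pos)
    pos += 4 + data_len
    sign_len, = struct.unpack_from("<I", raw, pos)
    pos += 4 + sign_len
    return {
        "masterkey_guid": str(mk_guid),
        "description": description,
        "alg_crypt": CALG_NAMES.get(alg_crypt, hex(alg_crypt)),
        "key_bits": key_bits,
        "alg_hash": CALG_NAMES.get(alg_hash, hex(alg_hash)),
        "ciphertext_len": data_len,
        "signature_len": sign_len,
        "well_formed": pos == len(raw),  # every length field consumed exactly the blob
    }


if __name__ == "__main__":
    print("LastProcessed   :", filetime_to_datetime(LAST_PROCESSED).isoformat())
    print("Window_Placement:", decode_window_placement(WINDOW_PLACEMENT))
    print("DecayDateQueue  :", parse_dpapi_header(DECAY_DATE_QUEUE_1))
```

LastProcessed decodes to 2024-01-08 04:15:15 UTC, i.e. inside the detonation window, Window_Placement to a maximised window with a normal rectangle of (36, 36)-(1194, 649), and both DecayDateQueue values to AES-256/SHA-512 DPAPI blobs bound to the same user master key, which is why the report can only show them as opaque bytes: the payload is unreadable outside that user's logon session.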

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a693a327ee359947d6452ee5825f850.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 illiweb.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 mytts.forum2x2.ru udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ripurl.co.uk udp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 142.250.180.10:80 ajax.googleapis.com tcp
US 104.21.10.57:80 illiweb.com tcp
US 104.21.10.57:80 illiweb.com tcp
FR 178.33.115.32:80 mytts.forum2x2.ru tcp
FR 178.33.115.32:80 mytts.forum2x2.ru tcp
FR 178.33.115.32:80 mytts.forum2x2.ru tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 104.21.10.57:443 illiweb.com tcp
US 8.8.8.8:53 cse.google.com udp
FR 178.33.115.32:443 mytts.forum2x2.ru tcp
FR 178.33.115.32:443 mytts.forum2x2.ru tcp
FR 178.33.115.32:443 mytts.forum2x2.ru tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 57.10.21.104.in-addr.arpa udp
US 8.8.8.8:53 32.115.33.178.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
GB 216.58.213.14:443 cse.google.com tcp
GB 216.58.213.14:443 cse.google.com tcp
US 8.8.8.8:53 0.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 193.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
GB 96.17.178.174:80 tcp
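Most of the table above is DNS chatter to 8.8.8.8 and traffic IE on this image generates by itself, which buries the handful of rows that actually describe the page. The following Python is an added editor's example, not part of the report: it parses a verbatim subset of the rows (embedded inline), splits lookups from connections, sets platform traffic aside, and reports the names resolved but never contacted, the connections with no captured name, the bare-IP connections, and which reverse lookups correspond to addresses that were actually contacted. PLATFORM_SUFFIXES is the editor's assumption about what IE on the Win7 image contacts on its own; the output is a triage aid, not a verdict.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the report. PLATFORM_SUFFIXES is the editor's
assumption about what the browser on the Win7 image contacts by itself.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Subset of the rows from the table above, copied as printed; two TCP rows carry no domain.
NETWORK_ROWS = """\
US 8.8.8.8:53 illiweb.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 mytts.forum2x2.ru udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ripurl.co.uk udp
GB 142.250.180.10:80 ajax.googleapis.com tcp
US 104.21.10.57:80 illiweb.com tcp
FR 178.33.115.32:80 mytts.forum2x2.ru tcp
GB 142.250.200.4:80 www.google.com tcp
US 104.21.10.57:443 illiweb.com tcp
US 8.8.8.8:53 cse.google.com udp
FR 178.33.115.32:443 mytts.forum2x2.ru tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 57.10.21.104.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
GB 216.58.213.14:443 cse.google.com tcp
US 138.91.171.81:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 96.17.178.174:80 tcp
"""

PLATFORM_SUFFIXES = ("google.com", "googleapis.com", "microsoft.com", "bing.net")  # assumption

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text: str) -> list:
    """Turn the printed table into dicts; the domain column may be empty."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def ptr_to_ip(name: str) -> str:
    """'10.180.250.142.in-addr.arpa' -> '142.250.180.10' (validated as an address)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return str(ip_address(".".join(reversed(octets))))


def is_platform(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in PLATFORM_SUFFIXES)


def triage(rows: list) -> dict:
    looked_up, reverse_ips, bare, conns = set(), set(), set(), defaultdict(set)
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            if r["domain"].endswith(".in-addr.arpa"):
                reverse_ips.add(ptr_to_ip(r["domain"]))
            else:
                looked_up.add(r["domain"])
        elif r["proto"] == "tcp":
            if r["domain"]:
                conns[r["domain"]].add((r["ip"], r["port"]))
            else:
                bare.add(f'{r["ip"]}:{r["port"]}')
    contacted_ips = {ip for endpoints in conns.values() for ip, _ in endpoints}
    seen = looked_up | set(conns)
    return {
        "review": sorted(d for d in seen if not is_platform(d)),
        "platform_noise": sorted(d for d in seen if is_platform(d)),
        "resolved_only": sorted(looked_up - set(conns)),
        "connected_without_lookup": sorted(set(conns) - looked_up),
        "bare_ip_connections": sorted(bare),
        "ports_by_domain": {d: sorted(p for _, p in eps) for d, eps in conns.items()},
        "reverse_lookups_for_contacted_ips": sorted(reverse_ips & contacted_ips),
        "reverse_lookups_for_other_ips": sorted(reverse_ips - contacted_ips),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

On the rows above this leaves illiweb.com, mytts.forum2x2.ru and ripurl.co.uk for review (ripurl.co.uk was resolved but never connected to), flags the two domain-less connections to 138.91.171.81:80 and 96.17.178.174:80, and notes that ieonline.microsoft.com was contacted without a captured lookup. Those are the rows to pull PCAP or HTTP detail for, since the table alone does not say what was fetched from a bare address; on a page load the sandbox scored 1/10 they are not indicators by themselves.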

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC0C0.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee