Malware Analysis Report

2025-04-13 11:38

Sample ID: 240121-m7gf3scbg4
Target: 6d253be03e6fce23b31811746fee1b07
SHA256: b0a4f107ec1add6f330627614e0d26aca6a53761f666f290ef08a13340e84088
Tags: socgholish downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: b0a4f107ec1add6f330627614e0d26aca6a53761f666f290ef08a13340e84088

Threat Level: Known bad

The file 6d253be03e6fce23b31811746fee1b07 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-21 11:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-21 11:06

Reported

2024-01-21 11:08

Platform

win7-20231129-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411997041" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50015bef594cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{16FAC5B1-B84D-11EE-9278-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f1200000000002000000000010660000000100002000000087d8c6ae82b87102a8a5fd8a42b01efb4ebe8b6fcdf1ed0a7bb943978925754c000000000e8000000002000020000000464e9f3d157e2e7c06fdb92b388292cc9a55ac1291a614bb3669a1498a93450220000000c7e68dffb9f100a2e86da59786f8fb3f6a3e3e18a602edbb8ec43b14a0ca7c74400000009f6a61a483620171a4d099ddd59a2b19779453e68d89b43e336dbf94481d810e1a14b609da16ceb5649287d89b3c68786c8bcc5f735333c772a33d365e2631bc | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.instantonlinecounter.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 172.120.219.158:80 www.instantonlinecounter.com tcp
US 172.120.219.158:80 www.instantonlinecounter.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 68.178.195.71:443 www.linkwithin.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
GB 96.17.179.205:80 apps.identrust.com tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 3.bp.blogspot.com tcp
GB 216.58.201.97:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 92.123.128.174:80 www.bing.com tcp
GB 92.123.128.174:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab10E2.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c0ed8a2e1fb529b9417d8bc72b7528a
SHA1 eb27e1799407585192c1823e586d945404ef333b
SHA256 1d105bfc972a74e2eaa81c2788dc909c0c136efec4d2acef74cf0a5caf1507f9
SHA512 86c5551e61b4c66be7d6af0a14a0a99e4296e54bc7d70efc9589d5a52b7360d63867f40bf1b37afdd89245ffd838a1a6064db74574263dee92714c08654a469a

C:\Users\Admin\AppData\Local\Temp\Tar1338.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed75868fb2b3fe22560b7c1c718907e1
SHA1 e5930d74cf304346b061e65028fc34b05925e4d0
SHA256 d46f1903dffd0640af1b9939bf9a076b94550b90980c07ec926a5ff19fb82d2d
SHA512 310e323078bb722f07f73288796100be8879bff6c211e51670bc6ea004c9498c8505a18d9a80ca3e97d6279a9ad852a30935e8c7064d2e1288783b6c5941aad8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 81896978b48f05d4850884d73d59339d
SHA1 81d49e7dcf10d27941c7872b65b4ec8a90b4685f
SHA256 1c923cb8d58319753937c9497f0f42a55ca5de04f6385cfcc48026a18fac9e84
SHA512 2109b73ba4422a4bc3f506b9a9c71aaa1457ddb23c4e29ea932ee3eedbb79abdae39adf81f56c021907bf86335f4d325c4bb99b68fec54001fc60632e58171d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a1fd385e078628113ba2afd59f739ce
SHA1 d2d0f8a302bf9362b1a483440e04748c64905d91
SHA256 b890f3758dfcc2b34b18df94301c8f4e6d0790fa0088f00b879af29d99b870df
SHA512 1404f392ff95ae695628c07be6cba784b9c24e718366609bd67a8d89a31a0917d36009be9ebb88db8af6f2cc42b887bd742a9232eae97de39e7663c5c6ab8b60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 6ce7d4c1fa178ca395150410299afa1d
SHA1 e08a059bd5cf6e11a0b1274519fe2b6e4ba755ab
SHA256 3c51e0e6d735a5ad269b407de0297f37dbd7d1fb9bc4dcd0f42bf1f93bcc4e29
SHA512 9a344c5eac2f44539bf2b0f6e9a985b8bf3a7925fc7b3d43956b25597bcdf454f939298704ccb5354461ecddb3638973d9c7fee036ebe55248899fd82474079e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4273b0c68977a768cfed0bcbb892fb3c
SHA1 fa748fd5c68d6db77817300659236e782d738aba
SHA256 296c221b71bd2f540a18a97df9331bc7616da3a4f87db12af28ab030fc8ff8a3
SHA512 3495ccc2e40a32a8663ff32248bc64a051e9659ba4fd2960c4ee6f5abebf8b751e45aa9fae1d0eee9ebf7fd2d663a4f51a4dc8da4e4e67770385b202ddd81508

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3RLIFA2\platform_gapi.iframes.style.common[1].js

MD5 f6140cf2e81a9d5b9bc96970fe1946f6
SHA1 e18cb20a08d0c13d44b72e36e9560aec2187abce
SHA256 68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5
SHA512 1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3RLIFA2\cb=gapi[1].js

MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38d60126c08639c6fed7e87b3129f591
SHA1 073c61415d6d546a22737b82f802023cd242b7a9
SHA256 d9e3312d791dd29fa261ad9d7d8930c4c4c1df7cc4cec84641413b3f0e247fbf
SHA512 7f49cb56a3ad8cb5b3959c5c73cea48bcfa3a59a4cc3897a95558a2679f4b06a088567dfebba404a5bead7bb812e5fe76b5c28a762649657d7d77db44f882be6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dac4c175b3cda1f20e89857a869cd2b
SHA1 9a7099cf4a30c4569700a64c764b4f4b84b73a64
SHA256 4bb9fc6819e7b8b6b772d79bec1b277c38859e0cb8934d27b708fe27e737bf4b
SHA512 132b8c452604d776438783562970f92660c0417a29198385d3a089b791efecaf3a969059f57121ef42d4c23cb97fd0aee4c12b92c39834a60c5b88815ee767be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45229388b074145f10791f3321c462a9
SHA1 41c302286b81382d66dc65989b2f4ad782afc1b6
SHA256 cc4a878b6c93a74f9a70752061b1a8fe06cfa84ab691a7359e2228ddc88686cb
SHA512 7904bc831632407f7a88d358f57c34975a17a1e9b9723684430ac2e521a45ab76f311fd09c8bbb5ab826b871ea0b0929f7fd7272c71b4c66b1958d371379b9c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3915cdcaf18316346c028d090cd79d55
SHA1 741a624ad23ba7e4283d078d07df0c6ea80c32ad
SHA256 2842a861772aa9048f51afab24b695fe37a93addd004b3a54563d020d2984cc8
SHA512 8d0620d106e9fd0dc66242b9e932b8a4a748a6c0e6445acdf37213d9775f040768a626a31107d762d4d5407e5f7b8bb549136e8e0bd380640f6206a12579bbfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 156098158c74cc0a2e5c934347468942
SHA1 4747e5d01758e99f6731f6e1f36a0a2019c939c6
SHA256 200649797215097efa35fbf5db327f3d548e8409d2eb6f33f268882763993f63
SHA512 88c5fc35073adc7b633744a0a6bf8e48f54c5285c10439463f7aead1fed54d0a970714bf5bfb69de81c2a074da4ec3214e1632de6071ebb8fc522ca824d1a75b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47e04ff3f9e619531381474b3181cebc
SHA1 8b9e6666abdf1f73c7d60a29a426860d6df52abf
SHA256 aa1abc5170602740a7bf400634144c74aee93bf0372d9e279158553b069cb211
SHA512 123f776b57998f7bd5a5099ef054342e4d0fc9b110c05cf0da3ede818387b020fe072d82ade0d1a6708f5c2206247b4c79d088034cf724a39d2eb968558c5a29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15a4d44762dfb00e62b775e69e5495f6
SHA1 8451147d06b073c1051532dd54ecc8408d1f309c
SHA256 3f2f922813e798b2bce96c116e27ccca33349e45a8f6c7938a6c15fec4f159bd
SHA512 5e95b7d118990c891511bdeaf1a5e5a756d7ac1e751453145a235922e8f7b7e5e0f7e7b63cdf86dd84d818be3ac197d0a2077dde4a801e7dab521d08b71fdcdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9020be1e0b8f2a408310e58e99ec749a
SHA1 ab7251f6beeda6a7f9331d7ed9c3a65bd6161007
SHA256 e7558c3d8dbe4447a019a71e13a818f8665a910eb27e65314193e9a24b08fec2
SHA512 3a3b9701dcbbdaaa930d28a764817b5f4a45449afec24d8d16ed60da50b8fc4a5190ae01c54f2a8fd02bff1665b26a449965f539972caa91d857c2c917f492e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 7da910fcf8381026a0f6c1bf651717ad
SHA1 97bf379fbf8854358c564030d59a3facb23431e6
SHA256 77be743e38c35ab55cd0903c67b6d48f8d7b83e330bc4c5529d58861aefd3bb3
SHA512 4241a24169fd0e70e966e09adf3e9c92bfdea7e0b5b23a8ce8b786ad3d6baa97ffbec3b0fee95f63a66dd359c9c8be9f8634941d0af58f487d16172a5eb119f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba4c86421a677abfdc0bf5354b7c277c
SHA1 ea947d7556346ae36f2b98a1a9bce836e4ba5f3a
SHA256 07d59f094928eaa176447ea7ec5118c70557bdb4c295ce3c1ef56bf6e980e083
SHA512 43c5e02ae9a9f0eb330123985197c223f2128409a687d7769db70c3f9463e91e3254b80c0a4f126f029aa33cbd1f9241e5ca19420f12df25c5a573f793ccd553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 541dc3764b61b9254f65da5ae2ef7283
SHA1 bbc0bdda58a07c71ac4a48a04f34a1c9f802e6d8
SHA256 7f32a9c59b3875f58895749e37a0ac399fce1757ac3e2511885bcaf0e1145071
SHA512 4f1a646593a5411a0d8a8d6efd136e33afe222ee22910165631d8736afb7d65b3b9ebd5aa7bc2c087c456391a71cf825d86b2cc6ff914cb0f8dfafae7477f41e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6971d9f31047b754f79fdf6c3389121
SHA1 f22abc1326d70f2b729776b9034494ee65c8c2bd
SHA256 541b417b49d0b0f3dc193b19778432fdb774d8cf6dc5037060101740272979d7
SHA512 5b5e748e10213b935ba179e65674b00034350485a732250b7a786f9fbcf7c3c509287b5166fe5cec8ec04b2e482ba73d94cfbd144bdb9ecbf1f43b10e905b00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d42831047b93385c5f065f276d0c79b
SHA1 d3b41141d634683f3684ba9f89b9af5306e728e0
SHA256 298b017a8fbd27eb60fbbd1c92056f6b3cb4acdbd2e659654c4a2b2778fa492c
SHA512 47b52b1912f90c2faca4f537faac0d76451bf7d5cce0d4f85698bea50df0544ed2fd6acb787d43cc04fcecf0c701d6ccdde9145527aa4f6fd3242c4c0f4bd278

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f89d1ee7d34c6263e5865e32b1f6d8fc
SHA1 c812e73d8e0f4e16123c918faf0c1ccf945bc939
SHA256 a8e864791ab2de9cdd503e94e85119c0089477cb30220099c2d84ff45936f9b7
SHA512 90142ed087f0331e8f5c6be6eb00039591fce2371642e3b63aaa208d1202ebf5d64b48a4517ef77beb69a9eb840ff1f3868143fb3ad5c8aa1589c2b332f61914

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dd1408608b16b19b1f419555889b325
SHA1 f49cbb027d2e69bcae07df60b2dbf76515a09625
SHA256 3c6452d211950c792e97d5a600ea32a57784ca36aaf4565503da57a04609256c
SHA512 9873b6563209f111a12363c5b36c28928b3aef1f461fc76f2794b68ca9e771f98894df0a48eef4d1f92ebcd6cc7e538872417fabe63c17def4c874e689188477

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34897b89cdb1be5b2fbfbbbab7dc5619
SHA1 97273bbfa25b7018fc38b810ffc7939e9804f821
SHA256 88f5f6d2322e418b51097ee768f7e413b22d0cb160e03f9fdde8f0d7260b4741
SHA512 d9f935ba1cab810f36b453819231be73a970c8387c599f58fca9a99e3402829ea9b6c501e42bbab602181cc7379a336d07a8331422784d2c3e5f2c388c069636

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7885df6f8df4548722416417d401e30e
SHA1 1e8ae51160faa5a785c4d3ca4b049d5c9a3e796f
SHA256 6b365187b5c6af2fb6ca07b0123b412ba747fb9f2489e03f2b618e3ed71ed59d
SHA512 a061045c69869c5e84055e1c03ad5e460a745f52b2bde8da54f41d7685f6c552305ba324a7e31116bf595b59061171e154567a6ab69a0289f8f209eb0f76a143

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb32c7fa26bfab1571331c6e83f62a98
SHA1 0689e2fa8b59588a8055d7ec688dbfb2b02d13ea
SHA256 39c8c66c70a87b4304e18d22dc00c7eaebf79785e5624a70b7063d0fa9be0607
SHA512 6b57e38a9ba1263aa885401e37ee84181a259a9b964dd706227bdab011cc18610c79fa302d38c1d9743ff1b6af745d50a1e740e1646eead55989dbedd715a51f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5280595cb1b79980c6ad8188b09ad95
SHA1 3d324a673994a9b5a006484e1a657f44b632942e
SHA256 39ff5482a85cc1f5f3b4aecf0bd21c640c7192c385f71f146ef6cf26bc175b28
SHA512 432ad63da0b19c377e5d7d235ba1b0072c5e8f7be1b2e158680006aec31db12a6ad419bbb49d334003950cd1849b7eb7d0cdcccda18b18dd7b0740672c454b21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17ed7020f88ab07c882361db13608035
SHA1 0ac18f31797ac75953e86e8c84941c02cb61c0d9
SHA256 c8efc0008aa4514bb77419571ac7e1466a2127ec47c6a9c7b13268a4f98ec198
SHA512 40144d03c26acddbf1ca24e19974a6fa9cbbfb08f1285b524db1f33f387549a584597a3d61ea54b7a7f1c2a51cf52163609510467c2e4f3a2fd0fbc62189e01d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20dda431d0c0ca10fa17785394b9b48a
SHA1 5282ae7eed6c77445b131b97628312cd6831cde1
SHA256 3f2252135d4622716f87ebffaed567f43ecd78efcf7e1f0880fc20f351ae2345
SHA512 a4f1af702e4ad7951a3904e5d67dfb0ff7f9a61131afdb2cc6005f8bc3c3b6f3f480597ed19b322e047905b1877b6327046e892fb13ee66f57be28c35aacac01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbc1d47a9c5f60f978008646cf766416
SHA1 8aa4272c67bc5a0becf9e0d1844bc0f8b8af68ef
SHA256 a9ac49805829fc9987b6b183138593e5cc05756184c25f7e78ae2894a19361d0
SHA512 8ac9b8ad4ac61929a53ee4fe2b2f4e147184b4b9f4460d44ed599800c95e57ceaa8915c2944f208750f51953f6c382ef88c8c952d130a14294944663f471ed92

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-21 11:06

Reported

2024-01-21 11:08

Platform

win10v2004-20231215-en

Max time kernel

135s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html

Signatures

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000245b71404219827119d69bb40ccaa8090e5353b5fe655741c3215b84a6481c3b000000000e8000000002000020000000a7b6e716b7ac66284231789bea00072b0f0345ce282bb414273a91cda9f92a9720000000aae7105daf143ebc453004871adb8f5e1628abd20b8816ea759e31f5b843dd454000000007716cbbb607a4eed13575879b6b062a9e8a9832067d3f92305cb98deb507d49c8b41c3faf7b2e2f49040bc07cea2d68eb9b1cbe7e1aaae84374d90958771c50 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4007592118" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a055c3005a4cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412600154" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{19A1120B-B84D-11EE-8024-524326B4BB5C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6023db005a4cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083609" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4007592118" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f000000000200000000001066000000010000200000005f58422a715d93832c06118753969b72147941e0288f8fbeb6bd2475db14971f000000000e8000000002000020000000aa937b372c50c5a5478e9e3c7c0acc1f20a0f7b8229783cda5508e8e6b926a70200000009ee9e5644da6f4f681e8cc2ea379db3734f70dfd2fa01dcbb9cd41a75babbec4400000009bdeab1cc86ac4d71e61c321693178a6f8ea69c9c9a8a98fb1e072590e7fb96f094a973e3df8a5728b45a6b2677f0eb602e0c7c3e31ecb9e13f53825b816e6e5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083609" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4704 CREDAT:17410 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\platform_gapi.iframes.style.common[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\cb=gapi[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDF83.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\suggestions[1].en-US
