Malware Analysis Report

2025-04-13 11:37

Sample ID 240123-v62dvsebf5
Target 7027f62736369f16b709daec35c3932a
SHA256 8708e927dd0d377e14499ea4ce85d7250bcf15a77aaefa3dacca237fb3b42c14
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8708e927dd0d377e14499ea4ce85d7250bcf15a77aaefa3dacca237fb3b42c14

Threat Level: Known bad

The file 7027f62736369f16b709daec35c3932a was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-23 17:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-23 17:36

Reported

2024-01-23 17:39

Platform

win7-20231129-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7027f62736369f16b709daec35c3932a.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f1200000000002000000000010660000000100002000000059fff4ec9eb5220059ae0dbc67bb3ad536ef5ba18db1d60c6381c4161e18814d000000000e80000000020000200000003337c79a80d616f7a554a7cb4d2f2d9177f4155574046c27752fb993ab7b0f41200000009e23f4a2eedd070c675c7cedbfd154698757593da581f497d190b57ed50d09a740000000f83cdbf7ff242e9e6f1b0cf600c74c5e7af5256647af1e6347110f5b16ac65369f4b355a4e97faa77aa959a6fa83b4f3b56581ce4ca328cdd65917d0949b56cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412193283" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d83fdb224eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00F5F531-BA16-11EE-9278-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7027f62736369f16b709daec35c3932a.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 kangismet.googlecode.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 googledrive.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 fbcdn-sphotos-g-a.akamaihd.net udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 bloggerhack.googlecode.com udp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.200.42:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 142.250.200.42:80 fonts.googleapis.com tcp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
GB 142.250.200.10:443 ajax.googleapis.com tcp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
GB 142.250.200.10:443 ajax.googleapis.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 68.178.195.71:443 www.linkwithin.com tcp
GB 95.101.143.19:80 apps.identrust.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.180.9:443 www.blogger.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 92.123.128.175:80 www.bing.com tcp
GB 92.123.128.175:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1564.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e625ee6231cbc64a4a33739cbd45e650
SHA1 7917c887a2ce0d90a5c5ccdd58b574b5c5f9c027
SHA256 9d6a8867bb622c753ea8b0dad3c1c78bb570fc995becd8db19f8a58914817c32
SHA512 6218e79646be143bce148956a3811f54aab266635f488e02336b442e0cb43aca4c87e987285e50b8f642a067a1d8f520c6fc90c6bc7ac11fdddccd0649a4bce2

C:\Users\Admin\AppData\Local\Temp\Tar15D7.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0c07be859aae14ef521a2e3a55347391
SHA1 972ef010fefb84f5e36243dd34d17033e73ec24b
SHA256 3789f15bffbd71ab0c7d2d1b4aa9fbf98e0d9e5ae059348692953f029b200b73
SHA512 0bcac68b6661bcc7d057c9da583eafd17ae713eb3800e901bbd913d8a21a688ec3d850aebf5808761e888bb483bf514ff5d238214e237d1251af891b1638962e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b65577e02c942f13302fb766d16702d5
SHA1 385234feec3a3cb6b905a8db6090eb04286b77e2
SHA256 2e5d5e2dc1091563fed3d7fdbb74fac2667a6cca4978232b3d4dc5a439d56340
SHA512 28607da63012c8a7485e1dc97a8fcab3c023f83ca2514689aa6b685dbd3015b9f0b59011d19710c70de0d753db001ede6970e852b8ae2bd5924102fa74e33d06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1081880bf0b9b852495ac8bf40b1f8a3
SHA1 7bc8995ee8d6fa23d10c6d02c04bd227ae3c4c5e
SHA256 a60aff53ae090127bfa803ba1bc3bf431502f16b33b6a360d51ecf37e7e9a464
SHA512 05736f0c342c1c33092a1dcfcd4325fdbae5a9eb778e2e8e09c62659e7d7699160d993798c465e95a5a565ae727fe659b92ccbb00fadf64f9f7d2aebf331fac8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5CVB171N\plusone[1].js

MD5 1944af3661da46249991197817b6cd8b
SHA1 f952df40ec79fafc7c798f37aff92878977376ed
SHA256 63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5
SHA512 0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYERJRMJ\cb=gapi[1].js

MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa1b29bff60df43d6ea411c224206997
SHA1 f919ebd05e8edec464879885e73122a5730e5443
SHA256 7ab7d4a10b4252b8c9cc4f52301e6f1d9d7856f66a0def7e220d3f0d86f375f8
SHA512 bd4c4058d0735741d1be194ef6d189b416b6e5be6727e552b2ab222593db09f36ddad0bfa22fc5f2658857e99b7d249a2321666262d30218a516e62148722120

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0af8fb625070a8e7312f2a7950b95dfe
SHA1 80e557d5b73d7032bfda2d0f03f4e0eb5b2afa42
SHA256 a451a0f537493e4f30d2213b1ed82cc05b63ade76626c7267009c9990f9fa1b2
SHA512 6ad410259d31714d605c7d96b3d8cb3708f62cd7a9a4c77d2c7d0c0743e8166c41c97796efc2f531a519ea7204291f0ba490802da064eae3a047c5d27274d31b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98e04c690537f8c3753f146dab886968
SHA1 ad423a502f3587d141559fcb7b74a5acda98a34f
SHA256 66b2ef40694a4b3828ebc8bc60a000c96f0abb82064bf24a5797670cc9062490
SHA512 e0e5b054fb0fc7da9e51ebd892515348dbb1872c110c4583c9ee5a6931c8063bce47830bebde9e528d5d68fb8a0028f605906b841181772d58771d69876233e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cbb0ba975c4eaa418fd86f459e06660
SHA1 2e010275601ec1422d528526b9eeb6ce4569dbf4
SHA256 69022f26fc4d7fc391023122a6c2fbf994b3e81646cebdc9d4e51fa735954dfe
SHA512 00be7be69fbdf05ad29aff1c526e3ff6137a8f95fc7eababf3fe3307c11ab80e8ce6e8f7505e467b75f0e8c5c98e0d0d4e250dacb85bc04e335e0661c68d4902

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 398efaaea3b0edabcaa009b8d44664bd
SHA1 20e619749c44a73504e1f8eae45c9fad9efba2f4
SHA256 59cdbd690fe888a350881404852338778f1ff84282829ab4cf9e8fa1e9713bb1
SHA512 0e214783a8c100ab064845a71ba2ba980472817e0ff0102497915d21ec72d0180b69b31b67a15582f53a8488b5be221d9e99ee51e428ca22ec232b37ab1159bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 178b741d47f2a073564ff297293f8ce6
SHA1 7a5d813e32ff5fb468aa4ec00af4b8e2c83e6a0d
SHA256 31326aa46dd76e99f3d1132fb53a02051e31e2a8aaa68d262b17b51987fa2f1a
SHA512 69dda334af1e50fb311fbdb3170841d11056ea6cb115b335f771d3901ca0090209dd953d10f5b3ce40b4836aedb10a708e546e3127eafd343ef9f237c3c7b12f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76b92828f131f192502f92225af4c5de
SHA1 f737be0219b9027abc6bd596197fe6a2d6a282ac
SHA256 246331b78ebb9097aca8c21eca654598b7f39e285cfb3238868b4634e027faa0
SHA512 ba890b466ce7930d1020decc195bacc44e7986455174f9a268f4b362caef46001c588521e9457f801fff736b32145970d78643c8e246ba0d84835fd2d62db89c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 adc9bb9d29e9a82f7cce46b5cea27b2c
SHA1 cc87b73676ccd3f8acaf5642399a7e7cbf96a741
SHA256 76f822268bde77e49a4a1dbbcc13d35b5d141d380f56c944a893e7e71063a2bb
SHA512 ca06f19702ff653272c23bdf1ea6f5079aeab6c8dd4b49a65f5d2daa6fb5d5548afbc88edade40546d2f7354dd2031baf07ec53d0fe9b743d27887b2edefc197

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a63f377d334d86157bdf322094f56b2b
SHA1 ce8a83b2ce642cfab24bee04c28279410e896a8a
SHA256 39a83e2151e83220839fa79e84cecabfcffef6f476aacebe7a19616dd3937457
SHA512 7fff1e9a4c0ae25b2340e72d99189833ee9e0473912753192c8b2bced492f892ce15c5b7cad20ee11457bc4cf92604e9e0f116ce7696b28587b7d5e110522217

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0db6bc9a74458b9889e802b383661ee0
SHA1 282534f172436241ba9693f81c5d999a3d77b3bf
SHA256 0cc589f6c75ed909af6a6f462a3d1ca43002acf623fd581ea3f84cc852f0d481
SHA512 887652d43ecb0e5681e6acc5b996b78065193b104ffdfa4ef95181255b93b5c450726be1f1030e425710aa76198638264683b5d20eaa75c6a8a05019ab58ee21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 746f708e4686406b0affd8d8488bead4
SHA1 389e6194e5b653b4d67b5f49899dd3850d3f7cab
SHA256 9b121d78e8cc1fd55a3ad18937ea3569ea09dfde2103319398a4e3ef4e5a8dc3
SHA512 cc5ee669fda3efbaeba2c20d526631f2f79b0bde4a5dfc2feac433fb85b5144084ef36f5cc83051d71315fd3e4d9f75a9349d681d45c45c65558d083cce107fd

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3eaa5a0e553e16e83140f73b5747784
SHA1 27f71f99c74b53c8ad748e8b7b4962c73013376b
SHA256 8531ba2cb39cc2232b03cd6fd9561cb4256e5398a4d214b0f2f81af163233bbd
SHA512 694bf6830feb819b380edd0a5358a13d859929d08939537e0f87f83934ee48fc0d8eada7291c6a490de53476954f14b9e3c94d481245da354687978e3c90db2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5743a54dba94ae81b72c544fb7d6cd71
SHA1 e58227c8d68c123cd9c24d8fc9baf01b03701db7
SHA256 36c4db92f2c45ef1a8c0d57815af8ec2712d5f4501be4bf9b8bb884151bd1f54
SHA512 955f9db2caf0df6db1b4abd765326c9f6e3290165dfe3d32650434cdb31976110f98480615ebcecf7a54bfcf1d6a849cd6a72f7eae6959a375ff23c3d8263fad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c136a4a8489f29d4509b38937f3e157
SHA1 5c0b9e475c7a56bf091a22b3649ffa7837f105d9
SHA256 3108bdb89affb0406d112a884fb2bf3f53e85c875dea1bb56c79c8cd0cb71b4f
SHA512 74b2a777bd4e24d5869b66f46a318bf8b43c002b2f0209f551cdafe9f4964f5ffd0e72e1808f608bf58ed15d397c772ee518a2eeb7c7f85413142200de8a7ad0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c11d968f86db207c2ebe15a2729cb02
SHA1 86dc42f807d0e23ec7a102877af63ad28f71c397
SHA256 64977b56b8e89cd56f7b13e6592dec2eb2aa4e06b2e9ab8a93ad1c6bdd05ad66
SHA512 d0d315c825517e455a57b64ff686012f0159ba9b71076b7c423cb88d9627150c6380c7949e63a7d55c98eb8348d6635cb1e691c245a916b550772929053d9e97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 552adbf83fe1b886107994fb4fb96b1e
SHA1 7a0de80cc193af81ef4371cc3a04786e548a1775
SHA256 96ed240692a2e1875b7c3dbe06bda3a057da986d1521171171b184d5df6e898e
SHA512 c613eb441372647744cb4406435f3426879071e07bd018e35a689a0d8fbcf6cf271f24ae0859e07fa7e09027228cf09544038ead71ae62ffefcf682861625f82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b040b17256be19629c22d97a362efb0
SHA1 272e3d9ca726ad665121fac703b3f7dc8be7d3d6
SHA256 6ca740c0c8da444f0aeae0b8cc6ec5dce88b8e70d378f289af5ee38e61e8aaa8
SHA512 ebfc5af3034c4c39bb0512cbaba0ebeab373521a5e5b1870580c05ff1cb60acf7319f61403e4f8b3beef00eddb0e3ebed532f1fd69ee4b3b4f430313512597b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b37b5a50331e1cda79cc594bda7eb01
SHA1 621c2ad71f8594ca21c3f9ccac0b6b21d83dc224
SHA256 4d9a836c8b5b4cf44e9f99e8840195e845578860de34235c7d8662ee90f8b1ea
SHA512 cfa6233febc5c7507409cca6d59609e6ac0bd13c6cf53fd320eade048a92b79e6c9c3aa1a4f613824417bf4b7702beb9b2e0535ffb344e1904e5ba4cca54301a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0199c35f823fb785bc9608690395023
SHA1 e1ebcce2210634158365c741dd3ebfe4f021f50e
SHA256 7fefd2c3c03eff126bf9d826b984958ae9cd8df3840ff22b6d501ed70d0e7278
SHA512 59c34e0a310bef17e721369c5e52382cf36158d58d19505f7e0fe1d26ef6d2dbcc46a763a509c0fd71177e0a9599d98d6925e634d88a83b04c7ee7cb9b78aea2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5622ac0d90080671f0e0c5cccdd7a465
SHA1 c2e8734a7381106b9555f8635972d35de14f11d3
SHA256 72fe5d274ae72d6e7ccf15669e306bac4f6b841f0e7511d2cd070c0c711ac973
SHA512 430846407ee2bcb4704c4b78e6d67fad6d57aa5e17785dfe9889e3b8409247d66e46886650fa2840c7ccac78c404ef36bd7fd933b2233343a8610d80e61c6797

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 617a6cd35a87bc8cadb21a143837e139
SHA1 9a73b9f7d4e1193aa41a8a174bb5148e416fad08
SHA256 609a8d1dfc2b569a4220e3e5a7b6e91aa06411660b0ef6efbd3695253e51e14d
SHA512 c3ece9ab72577250ccee0998b130efc3f9e541292e451f5e2857add4f882ca53f465c85c17c54694f3ba4ecad93f94514be7f11544633c42456ef83f47ce51d6

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-23 17:36

Reported

2024-01-23 17:39

Platform

win10v2004-20231215-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7027f62736369f16b709daec35c3932a.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee00000000020000000000106600000001000020000000135dbfce2e4ea2e2adc0e0d05ca34224621d7a1a1c7cb99e066c79eaa4fd2759000000000e8000000002000020000000439ef08efeecdc3843abee9059deabe1ccd32e35ac2aed1f97f84cfc17d9acaf20000000ec6d7cbd46db329244bb975a2148596a01879be77d5e6cd0700eec7fb95a9b00400000004c725c22f6c9fd89cf9fe9dcfc74121a7f73a12037f3c4693e4ef50ab0bb80b2acfae08e683779dac4d698979ecd61d3f03b40473661cbc43c85ba5f78c29b2b | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3634635146" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07b3a02234eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3643853690" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084066" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412796400" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee0000000002000000000010660000000100002000000065ab15bd2e24c6bd82fb6b3a06eb5926a83a74cd94a5de619eb4435196ef8dec000000000e80000000020000200000004e88a707b3135124a0710dd84ea9e1c738585755d6db7bdb68a30ffb5c11f920200000009cd21a2dc46733669422124196ea998dbf0105587573597283151d001634331440000000d85a5d688c3d450eb8edb960cfc7561102f21f8de72af9743f46c80a583cde2134b2db149d8ccad7a90b8e55d3f6ec899e94b13aa5a1e3140db6717650cfda21 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084066" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{043CF283-BA16-11EE-9BE3-72AC86130FB1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084066" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3634635146" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80624602234eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7027f62736369f16b709daec35c3932a.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3920 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 googledrive.com udp
GB 142.250.200.42:80 fonts.googleapis.com tcp
GB 142.250.200.42:80 fonts.googleapis.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.200.42:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
US 8.8.8.8:53 kangismet.googlecode.com udp
GB 142.250.200.42:80 fonts.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
IE 209.85.203.82:80 kangismet.googlecode.com tcp
IE 209.85.203.82:80 kangismet.googlecode.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 fbcdn-sphotos-g-a.akamaihd.net udp
US 8.8.8.8:53 www.linkwithin.com udp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
GB 216.58.201.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 cdn.chitika.net udp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
BE 13.225.239.52:445 cdn.chitika.net tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 71.195.178.68.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
BE 13.225.239.110:445 cdn.chitika.net tcp
BE 13.225.239.57:445 cdn.chitika.net tcp
BE 13.225.239.97:445 cdn.chitika.net tcp
US 8.8.8.8:53 24.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 cdn.chitika.net udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 172.217.16.225:80 googledrive.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 bloggerhack.googlecode.com udp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
IE 209.85.203.82:80 bloggerhack.googlecode.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 216.58.212.194:445 pagead2.googlesyndication.com tcp
GB 216.58.204.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
GB 142.250.180.9:445 www.blogger.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 201.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
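The Network table above mixes three kinds of rows: DNS queries to the sandbox resolver (8.8.8.8:53), reverse lookups of contacted addresses (the *.in-addr.arpa names, which the sandbox generates rather than the sample), and the TCP connections the browser actually made. The rows a triager wants first are the handful of TCP connections on ports other than 80/443 (the 445 and 139 entries). The script below is an added example, not code from the report or from the sandbox vendor; it parses rows in this report's flattened "Country Destination Domain Proto" layout, using a few rows copied from the table above as a constructed sample, and the choice of 80/443 as "expected browser ports" is an assumption made for illustration.

```python
"""Triage helper for the flattened Network table in this sandbox report.

Added example, not part of the original report. It parses rows of the form
"<country> <ip>:<port> <domain> <proto>", separates DNS lookups from real
connections, drops reverse-lookup noise, and flags TCP connections to ports
a browser would not normally use (assumption: anything but 80/443).
"""
from collections import defaultdict

# Constructed sample: rows copied from the report's Network table.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.200.42:80 fonts.googleapis.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
IE 209.85.203.82:80 kangismet.googlecode.com tcp
BE 13.225.239.52:445 cdn.chitika.net tcp
GB 216.58.204.66:139 pagead2.googlesyndication.com tcp
GB 142.250.180.9:445 www.blogger.com tcp
"""

# Assumption for this example: ports a browser is expected to talk to.
BROWSER_PORTS = {80, 443}


def parse_rows(text):
    """Yield (country, ip, port, domain, proto); skip header and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue  # header line ("Destination" has no port) or junk
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        yield country, ip, int(port), domain, proto.lower()


def triage(text):
    """Return resolved names, contacted endpoints per domain, and odd-port hits."""
    report = {"dns": set(), "connections": defaultdict(set), "odd_ports": []}
    for country, ip, port, domain, proto in parse_rows(text):
        if proto == "udp" and port == 53:
            if domain.endswith(".in-addr.arpa"):
                continue  # sandbox reverse lookups, not sample behaviour
            report["dns"].add(domain)
        elif proto == "tcp":
            report["connections"][domain].add((ip, port))
            if port not in BROWSER_PORTS:
                report["odd_ports"].append((domain, ip, port, country))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_ROWS)
    print("resolved:", sorted(r["dns"]))
    for dom, endpoints in sorted(r["connections"].items()):
        print(dom, sorted(endpoints))
    print("unusual ports:", r["odd_ports"])
```

Run against the full table, the odd-port list is the set of rows worth a second look: a web CDN or ad server answering on 445/139 is not something an HTML page in Internet Explorer should produce, so each such row either needs the PCAP checked or gets written off as sandbox network-emulation noise; the script only surfaces them, it does not decide.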

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f3990afbcdf64f1f806d1b926cf35b3d
SHA1 da1297f9ac1e9e9e7e78b567006e9248bfc212f7
SHA256 48c214dd545cc2718f7e844d699efae28f80d683340959e000bb41ad75dd6386
SHA512 9b5bc750b2e1038c82a93d51efe0d7dcf951ca594a62a90bac0ca1019d232afd07f9630e1ba1b609e128a9ba9c23c1ea8f1badd9e6b25f3eb591a936c89ee939

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a823f309a807be1867f85a36fbc963df
SHA1 e099242d32d127b122edc2be71edb497df8f9e60
SHA256 0c0979e0accf00d3f1d2b4c61df50059993b801424a2c388594f5376a0c6791e
SHA512 3398d679b0f3fd6822331f856bded1896644860b5ee77f81ea25f60c3269f3d44a52bbd3412de501943011280b24bc66e8d48dd3742f33ed398663d632a306f1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J6M39GIU\plusone[1].js

MD5 1944af3661da46249991197817b6cd8b
SHA1 f952df40ec79fafc7c798f37aff92878977376ed
SHA256 63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5
SHA512 0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FRK3R5YS\cb=gapi[1].js

MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J6M39GIU\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee