Malware Analysis Report

2024-10-23 21:16

Sample ID 240125-v71hyscgdk
Target 751d1746903d4871da063a62ef650feb
SHA256 3abe50ba0e46bea4612e25a5d07089fba91299a33b08f6e336714850c0513f8b
Tags
kinsing loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3abe50ba0e46bea4612e25a5d07089fba91299a33b08f6e336714850c0513f8b

Threat Level: Known bad

The file 751d1746903d4871da063a62ef650feb was found to be: Known bad.

Malicious Activity Summary

kinsing loader

Kinsing

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-25 17:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-25 17:38

Reported

2024-01-25 17:41

Platform

win7-20231215-en

Max time kernel

122s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751d1746903d4871da063a62ef650feb.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f62f6fb54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000030c26052eabc11b4e04e1c53a9fd17c20033c663c40c3516b3881dd79dfda9e1000000000e80000000020000200000004229028adc85916b2a12e72b616ab5fd6408dec101ec931aa1002674d2842e0220000000b491517021a3279c83dd9bafaf667e83f82cee49e9c3191336b697da485861d9400000002ae913dfb31a9700df5d3741c221b9fb75504bab550f901acc4d04fac11565afe2a0210166da91dcd05404733496c73b10725b1b653448651cb0189d8e901ca8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412366192" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{955FCF01-BBA8-11EE-A00E-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751d1746903d4871da063a62ef650feb.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.10:443 ajax.googleapis.com tcp
GB 142.250.200.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.130.137:443 code.jquery.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-01-25 17:38

Reported

2024-01-25 17:41

Platform

win10v2004-20231222-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751d1746903d4871da063a62ef650feb.html

Signatures

Kinsing

loader kinsing

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1760929090" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c221304981e5f4bbaa9a99b1399bd8a0000000002000000000010660000000100002000000042935eb3cc3e05aef5a1b8dc9cbe2f0cd3a880555ae66771a7aab5637dd4d0e0000000000e8000000002000020000000c39941c5f269964c84ed21b7afcd02587b967dd5144b80933bbc97e015ce191410000000314a9c236af9f135cec4c34a496923fb40000000ac29c9f910ee7e5510f68aa498d24a9db8ac44f1c0d81c81538dbfae82af07f220298baa227bb35e08d241e3061111d6c63d796232d9021f15a43d6e611e1e74 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c221304981e5f4bbaa9a99b1399bd8a00000000020000000000106600000001000020000000a4975d12729f900e0e0dcbf3069e8ba1cfb3e6188c7e5517546e2a5211472d90000000000e8000000002000020000000750c3a800cd33e83f2f0124a19f1ea4469567f2a3a68bf15edad01d98a8f5e0020000000f6ba7fc2e72eebcfcce40868d4e9faec3c55579c1724292c32a4d2768a7fda1c40000000c6fbc3d8157efc0815b5c879afae102eef90a5de3915b2973bfc09ff353e3a5446248d30e59a59e7c5926e21fab2ab50b6e140d0b98902d642b8b9f505b2e34a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404a476bb54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c221304981e5f4bbaa9a99b1399bd8a00000000020000000000106600000001000020000000b25bd2678ef6f8646ed0ac65bce87a157831b44e35ec1a19dc0b86b15b6607b3000000000e80000000020000200000008663f4cde5bcb1fe260c93b33732802af044d567e0b1144131c54788229968bd20000000203452313c6d13ecd771ed5ba255c938f14d100037747f1346b77d42bd909951400000003806e1963a9a7c76a33fa0dd6b40355c6e153ad72b865dcf425384fb835e18b8aca252831de2f594416452578ca70dd90fbfcd63d2a0b622f9c373b6998fecdd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1757022969" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 204f4e6bb54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1757022969" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9456E6A3-BBA8-11EE-AA35-DA96C499C6F0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412969295" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 0d1285d26635da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751d1746903d4871da063a62ef650feb.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.169.42:443 ajax.googleapis.com tcp
GB 172.217.169.42:443 ajax.googleapis.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 172.64.205.20:443 ka-f.fontawesome.com tcp
US 172.64.205.20:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 20.205.64.172.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 92.123.128.169:443 www.bing.com tcp
GB 92.123.128.169:443 www.bing.com tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7V1N9ZS9\jquery.min[1].js

MD5 2f6b11a7e914718e0290410e85366fe9
SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA512 0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GG17NQDF\jquery-3.1.1.min[1].js

MD5 e071abda8fe61194711cfc2ab99fe104
SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba
SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
SHA512 53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\beacon.min[1].js

MD5 dd1d068fdb5fe90b6c05a5b3940e088c
SHA1 0d96f9df8772633a9df4c81cf323a4ef8998ba59
SHA256 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
SHA512 7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 1d7f25dc2d6699e79619c31ff8908f6c
SHA1 de3c1be6c3f3e7f6eadbe715ae575794e5bf1221
SHA256 845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e
SHA512 7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 9ce73f8575202507a6afdc8e3561cce1
SHA1 07a6fd38243172eeed4a7e191ba9950dd914634a
SHA256 e4b5ddccfda62f238baa1998991391a84cc512bb3b651d6e49a4dbc7731a5201
SHA512 bb43e0a23f085528e0b920bd20e3f726887a730c64bad9a51991ded8336de60d47065bc75aa1fa1989f15ce2f1c1ed63bf5b64c2fdc7d667e167faf4f7c8074f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee