Malware Analysis Report

2025-08-10 22:22

Sample ID 240202-1cdzcsabhp
Target 8a941b3741b3b84f032df3fa8df05f38
SHA256 86478dde55423ea79373c7717db21ed3f16998b88d4c2f14c029b0e4f05e8a2a
Tags
adware persistence stealer
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

86478dde55423ea79373c7717db21ed3f16998b88d4c2f14c029b0e4f05e8a2a

Threat Level: Shows suspicious behavior

The file 8a941b3741b3b84f032df3fa8df05f38 was found to show suspicious behavior.

Malicious Activity Summary

adware persistence stealer

Adds Run key to start application

Installs/modifies Browser Helper Object

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-02 21:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-02 21:29

Reported

2024-02-02 21:32

Platform

win7-20231215-en

Max time kernel

131s

Max time network

131s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rllrtxhmayhobt = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll\"" C:\Windows\SysWOW64\regsvr32.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a090c7101f56da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000001f8a1b8d50566cc727223c31269c62af51a7ed4c460a7df1d698f23ea11c170c000000000e8000000002000020000000d722fc14bff0d9806b57a7c35d0181c0d119aa2b94ca3ae57a85105285207e0920000000df1c273ae7d2bb8bab9b4100b0d4e083533ddd37fa0ff7a580d24e748c1d263c400000002128af6f91ee0ec616f17c192e3e7325c31a3734d1e9a0e048154a3d99fba179a45472d39214061835ed9454fe30af8a5d22146967781b09599ce559e91e85c0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39754A61-C212-11EE-9F2E-4A7F2EE8F0A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413071269" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\ = "egoads browser enhancer" C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ads.egoads.biz udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/1616-0-0x0000000000300000-0x0000000000302000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab342C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar34CC.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ea56cdf9d4fc0df85b42638c8995f69
SHA1 eb79edfaf47c4c80024457b3ffecd09bc452606f
SHA256 846b355366a4432d55a6058cd400d9978af087d09efead011af6621afdccd476
SHA512 7fbe94472d6ef3940434b7b6fe775abe22bf2c83b6c6abc7a041f1ae2318f53bc6f7025f1aa513a4e34b596ce2f6f5ffff26c5b97b327a76e0622bbeb39a1b0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 684fb6ee8434903d8d95bc07bb429551
SHA1 1e7a0edc9a9bb146c19e09b3be1a1c6348c972d8
SHA256 f7f0a52eeaa4ee7fffea14afb45a9443d7244c89364ee2835fcf596fb7403f80
SHA512 6d74e5042b5cfa431b1b40e0ce0af4f7b8398bb87b62412c15146e93d56c6870b7e7616046a575cb5095e45273f70831e7977e22494b2bf51110a5796dc57421

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1543111c191c0a1efcab25eabd31ca14
SHA1 fb9dc977904766e79081a5ceee5d9ed39be1d7fe
SHA256 eca05ab3a134513293f025f07c33c85c2eac233cfd0f7072f21012731c8ba9e6
SHA512 2bcd404a79af1da2dc543dfa486f9dfc206771433d30411f2eeecfc558f4b60a08f64facc98cd42c590014c6acff66ece9f82440c6e19186d99dd89f49e9aa13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aceabba670211180cbbc941d5a96a0c6
SHA1 f69ed54f127c87b818456f5afd1ce8d0ab38187d
SHA256 2bad4a4c2bbaa0f571e5cb79f78846b67373495cfaf2519eb954461f019227a7
SHA512 1bb5ca52b7af572fef00edc05bee3cf67c84233258f83f0190377c89b44f2f6e87f37d2074e523dcca9bd36008e9565e7b0c05ee86c701511b40b40159aaaab5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fda5dbf849c569c756038904db24e0c
SHA1 2ce18e2594e460b4fc33c5c6d1050961b2665a53
SHA256 b42d22ade4cd344e188443570099239f49e778d6c7cd4b51f0f4282d9a9ad31e
SHA512 c2a5cdec938504e3a36182d173e0213570ca4b35f5f778d35e98c9c6f1636ce6132d65c289ef86f6d76d5fe96808dd49063b60f8f5c879d35a1cb1728f1b5ff2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4708f49217aa4034e803fb7872004ca3
SHA1 4ffc001c613ce18b46e8fd1ae80ca582fe51c6e4
SHA256 f67ffc4a350eabf05a33fbde948491e2135a3099d1ef2e88c9fef706418c264d
SHA512 69b3088a66d0c416b073d9fa4bce4b1ea34a3a37230680a3877489b3c0e20bba7843820ec3c9e63bb2a009a2c5c5f40dfd2fbedfa822c07d72303f226ff1d676

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ff6cc385159f2e41d98a0e05391a2bf
SHA1 3cabdadc0897be46868c4754ec1f388bd81b3988
SHA256 8c8402f977b65bc52fc7c5cd3a21c41c9559908c262a03158b22f51a2fb94848
SHA512 d7e203b51a45a9381db56d3d512c50e760fb280d374ee0a1ddb3e4f1741846f938a6fca8916b1be1e9647568c55e6e764c9fcb24ebc2b951febf6bf39eee9335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae0e274b65411d076623cad8867d6448
SHA1 4cafe80479eb2950bbe489ccd2ea43c90a6e2b89
SHA256 824f09aa2efbef8551c24839b0b5508cf790f5bd8f758484cc5c5b1c0835210c
SHA512 835fe6e5761c81621d892f933a3b0a6f327afdf5c18262a3904415233cfb049e877a0fd74ead8b588764dd22750b5e5afeac5374ea4d55e9dfa0e29efb6d1257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb01afb0bf6b2f68b4eff047fb21a326
SHA1 6bdef66bd5118686bf2e05720c2ab885075caeb6
SHA256 d1225b3a4779dbafb293fb46ca7f8e471186e407b6ae3c54a1580ab7f2a6e3b1
SHA512 aa7ffa3bdf305f43007885aae1a6f1a080112530c138edb8dff87fb56df19a12a34a93f4868aec47d24f26e343fa3059d861b717373790237e0927ed6b86edae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fead8d446c06735bbbcb842b95efe1e
SHA1 6627dc0d05f218de48b7921965d9a9a73525236a
SHA256 9ef398e24f15dbda95009370429cba30cbc8bfa6b3d5873fff701300cb4940cc
SHA512 f5790c304290b54858517a3c232185d43523348cd2b53aa0066bcefc9c768c9fb6353431967ab74d69bf0c102dd6f38187b4542ba960d664f7acd0866d2e97b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 401e64376c42ad9f7c44b0be268b04de
SHA1 c518e9efa1d3f40e89d5074eb5b81fd9853c672a
SHA256 bb89d7ef86f95ee88257f3e1de3e86612f12672031f642184e858f95e4d0bf00
SHA512 e12924397b72b601f3ab4abf0d1162c28ae9a4cd4c1e22eb31bf71d68a305aebcd0f832b66e274d8695ac1812cdc5e4d5208c1c4e8ce239bf161bfb59dcd0e6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2272d09fae1dbf0cd2d0eebfde99d369
SHA1 8286610870d5fddb9e49622c712ea7e0175ab3b6
SHA256 7189cf339812607dd52d88297ec2b51a9e0627942c2d1ca8ea9d3a03ed4f3644
SHA512 dd8a2fc5fb1cd09e3e9c56d1a203c80b668824c7c9ad8a6ef7ea274724d9f3145f913ef13d63021e21bf954ec8e79b8652dc33a4a4d453745f822a74b7315a43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bb793b643f76c9cf79376417001f3e5
SHA1 068175ac5e43234494884ea4e5757afda7405bb6
SHA256 906e2ef391161ccbacda37973efe516fd146cd4b610d2f61950bcc28a694ac70
SHA512 c7d58a3898129d699e6a315311836e7c5401f2e1597dd5dd9b6b533bb6816750935ae248c7cc51da5a1be77244790542143a05628a218bbdb35970e865df9b52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92d2eeed6069eaa0b83838bce7df05d8
SHA1 04561dfba3fb96f63d834a0a52cb393531a4ed41
SHA256 d920b575d538f5be41c583f8c1bb158d19bc5e2babfeb58b5d62213587efa55c
SHA512 2210323c9d28bb74d9bbbe2e28c5f31762a77f29203f0abf6b9fb98d17d06e240b6dfe4b12089a5a8bd76c3561a238a9b9d79440c4ae03d2b051acc73c99f4e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98e3275138c25d94ddcb37962780576c
SHA1 f2848490f7c241582e6508d88f0344748a92bdee
SHA256 3d0c3fa7e2aad8bcee7614a923643867585e27bba8da44f1edab878e66739de8
SHA512 42b7a26bf844685c48ac1092ec7ddb122686e92e54979ea7cfb027dfffbb33fdfe7912ef0a69af2d12a2ae7bc7573acb1c716d7cf8522b33161d48d8b360cb06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d29e8c2960990931adad4b0780f7d966
SHA1 7986308a783601286da2c00902fef2b8b2036f76
SHA256 2a1682dd78b2620e7c0068b5678c0acb4155d8cbd621391d7f1d3039a64182f3
SHA512 6b9556bd1c69bed3522fa67b93d5654a2914d802611ac48ae275fc8535197b52d602ec5c0d1abb58f0f66fb2607a8290d4be8b82a5c2137121d4fb8a27394d5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15740d6d1fc720219bda77330eae0037
SHA1 7a1387f3c613bf431c95b23196795417f5ca2c71
SHA256 fbf8f78b0da6b594220860431eb0746c0f7ae99ce795366e4c411d30c5374a60
SHA512 6a6c3b7aec3a0cc9dbe33b24442165300a58cb8b83c7a9a40fde8d85ac3bafb8959f855933c3f65c36c2305b6e0b253159316a6135c4388d34ab5f5911c61da6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43f3314fd07d5098a75f1168a104cc2e
SHA1 b5d3cddc2ddc6f17e5d13ed46923200561c15828
SHA256 65e2effb4b1f7855575ec557d0ddcb767126dbd2d8c356c493922c51b327062a
SHA512 5ea5ca25e5fe4aa4054283bb7d2ee83ba97032bdeeba5d496e6da10ac71ec4eb4116c54f3c669a7fce817987ae767a4be9b683ae1a84f0edf8ec2cf1399a3fb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2c3845c4a5dc8b79b7f746d895d9add
SHA1 a725fe7b3f5cdce823971419cf7b225aa244f974
SHA256 4f9680df2472c1f2489480330377725e37c8f9296bf66d551f31a20862a31e38
SHA512 19ea180e8dddf8cc0abb7ebbee2bcb02ae4a6f90c3112537d79a6cb813544d71a4068bf10d677581cf1e42ee9891b0f968d18d4f8de5bf38d9481ca335cdf59a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\errorPageStrings[2]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-02 21:29

Reported

2024-02-02 21:32

Platform

win10v2004-20231215-en

Max time kernel

130s

Max time network

141s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\esftzzeiwugqyn = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll\"" C:\Windows\SysWOW64\regsvr32.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92C942F9-347F-F784-D81A-6E4BF3C7D83E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "235735595" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000006828ae0919e1dee58cb73d4ea7f9e87f2292c5a1331d54bc6c4494ff9abd1f1c000000000e80000000020000200000003e06a9328fc9224fa674fe817cdf09f6b03efbce0cd6319674b5a5e0435202e7200000008c426758b48256fca4ddb3920aa7b991ca5e074bde0f6b634648ebcc1e7bd0624000000007ce5f49e073199cf6116559994b008c723465c333e3699e0dd4b734c8a075ad664c8262fb1c6092a1249f432053398eaae096242760316ce4d99ff600003914 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000a9322164b124f501b319c7930df9fe5cf6d6ce140aacd337d39089e9caa08d28000000000e80000000020000200000002d8b2775ff19525f3a7bb99d3298717168797196c9c69641ca02d7027f2fb46a200000004256348ee841bff7b9957bf5c139b1895b4dd368d19a0b00bc034997d8e644ff40000000c93989e474795aead4ae2859a21ce0b5815d3ede1c91cc8e9e96a0a7437c57f9faa6e21d6e3450dcc9fc4ded9ad3bb7e5aaec0160fa954d66de68368611752fb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e651491f56da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086111" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000cc093f7de853d224ce4186264e0a123c73ac1cfa3e52403debfa0a94add39d22000000000e8000000002000020000000c6caed37204ce6c4ab6d2d67a50315566543aa8daf22482c089880ec7205205320000000fe1bbd43381d74d7a872a802c5f31c0f4a5c2ccfd3cf2983bafd8fb8107bb91d40000000f9311a0e7f29e11ece6ff7dfd11edc8cc627191439c7ff788bde813f7a7cc85e5399d4597fcc22b73b11494900a3704ad66d960f6e139435abf5eaba6f3165f5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413674377" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "233861030" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086111" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "235735595" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700027211f56da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109ec1341f56da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{398480F4-C212-11EE-BD28-4ECC77D3B663} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000009c3959ee9e0ddf23800aebddeb2dfbb88e63732058629a5e1c5dcd8dd3484c6e000000000e80000000020000200000006885c63355045cfc71beba30b18e765663584b7d72ab71b2aa2a64cfdd9e89fe20000000365fb2ff26242ca4582c89c4b68567819e3547de9195670239d4f8884f1b508a400000006af60a188f3e0a4ceb9fbea7852beac56a778783b23860280f6766ae4740a6b9aa3afa8208f96244a331a682e79ffa71381f7b49738ec9cd6e5717621930b54e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a4390c1f56da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "233861030" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\ = "egoads browser enhancer" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
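The five regsvr32.exe rows above are a plain in-process COM server registration: a CLSID key whose default value is the display name ("egoads browser enhancer"), an InProcServer32 subkey whose default value is the DLL to load, and ThreadingModel = Apartment. That is the mechanism a Browser Helper Object relies on, and the detail worth a second look is the DLL path: a COM server that Internet Explorer will load from AppData\Local\Temp. As an added triage example (not part of the report and not the sample's own code), the Python below parses rows in this report's row format, rebuilds that chain per CLSID, and flags any value that points a loader at a user-writable directory. The sample rows are the five regsvr32.exe rows above and two iexplore.exe rows from the Internet Explorer section, pasted verbatim, plus one constructed Run-key row with the hypothetical value name example_value, written in the same format so the autorun rule is exercised. The per-process count is the caveat: writes under HKCU\Software\Microsoft\Internet Explorer made by iexplore.exe are ordinary browser state; the persistence signal is what regsvr32.exe wrote.

```python
"""Rebuild the COM in-proc server / persistence chain from sandbox registry
event rows (added triage example; not part of the report or the sample)."""
import re
from collections import Counter, defaultdict

# Constructed sample: five regsvr32.exe rows from the "Modifies registry class"
# section and two iexplore.exe rows from the Internet Explorer section, pasted
# verbatim, plus ONE hypothetical Run-key row (value name "example_value")
# written in the same format so the autorun rule is exercised.
REGISTRY_ROWS = r"""
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\ = "egoads browser enhancer" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{398480F4-C212-11EE-BD28-4ECC77D3B663} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\example_value = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll\"" C:\Windows\SysWOW64\regsvr32.exe N/A
"""

# Row grammar: <op> <registry path>[ = <data>] <writing process> N/A
EVENT_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<kind>str|int|data)\)) "
    r"(?P<path>\\REGISTRY\\.+?)"
    r"(?: = (?P<data>.*?))?"
    r" (?P<process>[A-Za-z]:\\[^\"]+?) N/A$"
)
CLSID_KEY_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(.+))?$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)
BHO_KEY_RE = re.compile(r"\\Explorer\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})")
# Directories a standard user can write to; nothing that Explorer or IE loads
# as a COM server or autorun should live here.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Users\\Public)\\", re.I)


def unescape(data):
    # Report string data is quoted, with backslashes and quotes backslash-escaped.
    if data is None:
        return None
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1]
    return data.replace('\\"', '"').replace("\\\\", "\\")


def parse_events(text):
    """One dict per row: op, key, value name ("(Default)" for the key's default), data, process."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["data"] = unescape(ev["data"])
        if ev["op"].startswith("Set value"):
            key, _, name = ev["path"].rpartition("\\")
            ev["key"], ev["value"] = key, name or "(Default)"
        else:
            ev["key"], ev["value"] = ev["path"], None
        events.append(ev)
    return events


def com_servers(events):
    """Per CLSID: display name, InProcServer32 DLL, threading model, registering process."""
    servers = defaultdict(dict)
    for ev in events:
        m = CLSID_KEY_RE.search(ev["key"])
        if not m:
            continue
        entry = servers[m.group(1).upper()]
        entry.setdefault("registered_by", ev["process"])
        if ev["value"] is None:
            continue
        subkey = (m.group(2) or "").lower()
        if subkey == "" and ev["value"] == "(Default)":
            entry["name"] = ev["data"]
        elif subkey == "inprocserver32" and ev["value"] == "(Default)":
            entry["dll"] = ev["data"]
        elif subkey == "inprocserver32" and ev["value"].lower() == "threadingmodel":
            entry["threading_model"] = ev["data"]
    return dict(servers)


def findings(events):
    """(tag, where, detail) triples a triager should read first, in row order."""
    out = []
    for ev in events:
        if ev["data"] and USER_WRITABLE_RE.search(ev["data"]):
            out.append(("loader-in-user-writable-path", ev["path"], ev["data"]))
        if ev["data"] and RUN_KEY_RE.search(ev["key"]):
            out.append(("autorun", ev["path"], ev["data"]))
        m = BHO_KEY_RE.search(ev["key"])
        if m:
            out.append(("bho-registered", m.group(1).upper(), ev["process"]))
    return out


def writes_by_process(events):
    """Installer writes versus browser housekeeping, by writing process."""
    return Counter(ev["process"] for ev in events)


if __name__ == "__main__":
    evs = parse_events(REGISTRY_ROWS)
    for clsid, info in com_servers(evs).items():
        print(clsid, info)
    for f in findings(evs):
        print(*f)
    print(writes_by_process(evs))
```

The same parser takes the Browser Helper Objects row from the report's earlier signature section unchanged; the bho-registered rule only fires on that key path, so on the sample rows above it stays silent.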

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 29.179.17.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
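Most rows in that table are reverse (PTR) lookups under in-addr.arpa, which only tell you which addresses something on the box asked a name for, not where the sample connected. The rows worth pivoting on are the repeated forward lookups for ads.egoads.biz and the two TCP rows, one of which carries no domain at all. As an added example (not part of the report), the Python below parses the table exactly as pasted above, turns each in-addr.arpa name back into the IPv4 address it asks about, counts forward lookups per domain, separates out the connections, and lists domains that were queried but never appear in a connection row. The sample text is the table above copied verbatim.

```python
"""Triage a sandbox report's Network table: separate reverse-DNS noise from
the lookups and connections worth pivoting on (added example, not report code)."""
import ipaddress
from collections import Counter

# Constructed sample: the report's Network table, pasted as plain text.
NETWORK_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 29.179.17.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
US 8.8.8.8:53 ads.egoads.biz udp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name):
    """Map a reverse-DNS name (octets reversed) back to the IPv4 it asks about, else None."""
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def parse_network(text):
    """One dict per row; the Domain column is blank for connections to a bare IP."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ""
        host, _, port = dest.rpartition(":")
        events.append({"country": country, "host": host, "port": int(port),
                       "domain": domain, "proto": proto})
    return events


def summarize(events):
    forward = Counter()   # forward lookups per domain
    ptr_targets = []      # addresses the box asked PTR records for
    connections = []      # every row that is not a DNS query
    for ev in events:
        if ev["proto"] == "udp" and ev["port"] == 53:
            ip = ptr_to_ip(ev["domain"])
            if ip:
                ptr_targets.append(ip)
            else:
                forward[ev["domain"]] += 1
        else:
            connections.append(ev)
    named = {c["domain"] for c in connections if c["domain"]}
    return {
        "forward_lookups": forward,
        "ptr_targets": ptr_targets,
        "connections": connections,
        # Queried, here repeatedly, yet no connection row names the domain:
        # the first thing to resolve and pivot on when triaging the sample.
        "queried_without_named_connection": sorted(d for d in forward if d not in named),
    }


if __name__ == "__main__":
    s = summarize(parse_network(NETWORK_ROWS))
    print("forward lookups:", dict(s["forward_lookups"]))
    print("PTR targets:", s["ptr_targets"])
    print("connections:", [(c["host"], c["port"], c["domain"]) for c in s["connections"]])
    print("queried, no named connection:", s["queried_without_named_connection"])
```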

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 cb99b6d5040641081530ef8f6049f1aa
SHA1 3fa9e3148cbee0e561da3787919043483ee5e5c0
SHA256 3e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8
SHA512 13cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 552a65f15928a9b10754de336408c493
SHA1 10c43af1c72462c22e65e08c3bc6ef25039304aa
SHA256 0c305345a67f5005297bcff546fb7f67030568ef9b93d7ac5e4341b3366d7853
SHA512 fb9b90454c3952dcd4c0c342e2437b5a67ddbd8a7aece549331106a0dd2972849ae56368d3aacb6716fb4e8c640133c1de43f39290965d0de5aa1e27da200e50

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBAD4.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\errorPageStrings[1]

MD5 d65ec06f21c379c87040b83cc1abac6b
SHA1 208d0a0bb775661758394be7e4afb18357e46c8b
SHA256 a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f
SHA512 8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\httpErrorPagesScripts[1]

MD5 9234071287e637f85d721463c488704c
SHA1 cca09b1e0fba38ba29d3972ed8dcecefdef8c152
SHA256 65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649
SHA512 87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384