Malware Analysis Report

2025-08-05 21:21

Sample ID 240305-flxgvaff84
Target b3d67c1e0ad110a82dbc539030b4e071
SHA256 ddc6524cbaea8ecf160d37aa0dfa264acf8873e1a3c8830fa0fed4947fe2ac4c
Tags
aspackv2
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ddc6524cbaea8ecf160d37aa0dfa264acf8873e1a3c8830fa0fed4947fe2ac4c

Threat Level: Shows suspicious behavior

The file b3d67c1e0ad110a82dbc539030b4e071 was found to be: Shows suspicious behavior.

Malicious Activity Summary

aspackv2

ASPack v2.12-2.42

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-05 04:58

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240220-en

Max time kernel

121s

Max time network

123s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2220 wrote to memory of 2020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

141s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Bot.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000008fcad701c877390c5c9a5a25d36dca4526621de1161f043b16687ecde6aade2a000000000e8000000002000020000000c583e2a393ed908da0b5419108f24a72ab1b58f6d09c6ad713f149130100aad020000000b21c1d7832b20a66c05f315b66ee6ba9342a08e7cc2a43c1ca005b710f51b12140000000fcf0d00f0f9bb1936319614d496178e3efbe0a71e183dc5e8aa4e1434d14fefa4e1542a22846573bafa5b7277bf9012a720e8b95b912112044789770d4bd89f5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0da99d0b96eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c2306770000000002000000000010660000000100002000000014cdc467d14ed8db0a40fc65ee3f1ab01ec5e658e1612c4cbc7e07c7a6e53baa000000000e800000000200002000000053cc9438a2e113e31343ba0641134fb1e2d49b93ed5d05a0e7012aa75165027590000000b7581a9bd7ca8109a887ae9cb97aa5dee9ed6eb0799665c4b5848eee546b0540bb63e3dc9e99bc44b2d3760d3e5082e743e10aa9ec2732d931d58444fb81975337a99aa5da6058133a3fd5820ee8f6b025405523cd094f1ffe4faa8e818e504c746cd081fb70828f78f0f8cb6adcbd20ace5a7467a01c449142e5aec263564e3af3988da41d771adb1874cd7c2197f374000000066b365ed8e988a8f56b410dd0e97131a97a7ebca1b1bccd14d663d52476e3b78bcd43782b3a86735594ab7a7687ec7f0eef8eba3dda5d92483c7e66ba65b5462 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBB22411-DAAC-11EE-AF23-56D57A935C49} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415776573" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Bot.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6B06.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar6F7F.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cc678b711fcae3760adf4b6a7091f5c
SHA1 35dd40a49b4672d18f98ad150427c5f964380c1f
SHA256 745bf09852993baf2fe163e4fb726c25462e15b64f5c8000e54c08d63e694c8a
SHA512 f325fa4e149d071fc4acd3c691117c9ad12c398d243da8fa970133ad4f9bfa453fe108cf3f0416141d8b3cfc29860fa69d7b828cadc9cda919ed3e4ac775e4da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 279337fef6d86d16778d343409aafabb
SHA1 13769ae63ff139357fcd19b0970571c04007e91e
SHA256 6fbf0467dbe7041405b2ec739d0999c8f8d267208b5c348f74ffd9018f8e187b
SHA512 619e818f99fbcb0539ca0ccfbb1d64de7c214583d2b65cf9bcaf771c17cd21f429c3a9af0954aac678ff00221a9d93c78999fce92530c05874714c1f01ae109c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f752a0cf5f8f9f4dac43ae35d12bf1b0
SHA1 f27665f2ff8d15bee67be379126a8dedafdb541a
SHA256 777fded2389b0902421643224888234cd7d2d42071721b56a4f6e0594b0d167c
SHA512 9541af6c30bdd40fb6b4263e86009da8c1e7ee12427fc4aa164986e64ea15c4d145c65e3b9dcc0051723baeb8e5b33735b489359784c109e688979da2e20f337

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27f178fdae6372d2c6b8158ee1dbe4b3
SHA1 35c81882a1634314df814699c1dfd7ef8c65cf73
SHA256 1297230afb738c6704b933a436810a2efec95483eab25725af44f5f6bc243579
SHA512 00ec73a66c20b1c492b64d4cdb5f9ec8a847e46dbbc5e7bc7c4c5cf5d84bd9430877a154a03d2e9c38e3a008c410704bc11587a36871a0ca5e217dd39af3893d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73a9762a6f681ad0e2b1c5d80eae6248
SHA1 755fc184e8c2588bf5a75b4c1163f76fc3344b7e
SHA256 707ca30078af9549ed2d142a92aae7e6a2a59b7075e310bf4953f4f3996a1089
SHA512 54c47a9a8e04f02bdff3b4a950bc67d58b0154482670f4826be98f9c4ee0552edd81edf9555129181c9c213fc662e2ce817d9da0f1e2f48c5efc24e2aa15a0ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2d1995c7a2892fa0657b91f1815d9f9
SHA1 697edfdf3171db1daf8369f4c8e51f486259dbab
SHA256 ab2d3fb6ea7bf57d3ea58b3b24075757aa025e44b5fb397d53ef20825e96d41c
SHA512 42edfe4e14d0f54e04886b0457c9bbaa0ba0b6f540fb1c9b2d9669e0d4d5607eb5f2baf2f07724ae7816f10d6c1afd9dcbdbca0546282358b180890d1f303e38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cb2743177d16d83275217eb156261b8
SHA1 417becad14479d996aca3e80c9e5e48e6da62b81
SHA256 cc155e4e1dc8467a34ed881ccf6dca950205888012c52b343f0383821f1291a0
SHA512 234a56b01964413b3d6a35602c01e6bada9d6fcaa102368b7de224a5be9a2c5f0a45059eaf696ab520adc9d9883b4870a28d58dff512bcae99b15e24173e1078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22db1d7fca131cd0eafb2d1586766d59
SHA1 9aaba78d675d88ee6d45a04b0493b7e808402694
SHA256 81993cc0d477530631c5667b481d776479e44d22113810abcb6067d95f7c9a14
SHA512 caf42ad34320c84da6cf49e6033a007df8e297f1c216e736825ca88b22f45ef4538e487e522a2fa5a08501053a20ec420434c96ed894a80c49cb18579f5d68f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 634e402000d4fb52db37ca5f7e1981af
SHA1 0cd301503d2f976b58280c2b7c2694bae48055e9
SHA256 29d714cdb3138a205690169390d30df13901e83272a596bfcacffc4fb11fe698
SHA512 126276a6f79e8458585b5498dc153fc69d78dcac8f0170bb8e041ac3a7d063edc82ebc7c5279d1cc4cfd65e69d188f2adb042914d9f0df200c61f255a3fd4786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b33ba2bdb0be4004aa6aedb2fa73db6
SHA1 12488c8c3408cf001808baaeac02b1957be2dd2c
SHA256 05ae3465afd38156ea3d8a3872a468a407f94a60f2d02d857931675679cadbea
SHA512 229035212ff68487aab221f761e66b98f7e326621763cd95ad161c3d3f8848a142bf25ed9956e29a80667c3f20353d806aecc2fc1431b8e0554d783472a8d49c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f658a0154a143f1e32087f2fa32e111
SHA1 3abf21b3c84b7dec0b459d6378b892d5c049a841
SHA256 7ec746f54480622d3760a5aea85eb70b82342c154c84b6f0f0972c9c8648971f
SHA512 485403b5acf50b29640d026e379760dd30843fd02b92b4e66ba4348e8c6a2e6941871d178811b13c644070b015919a42cb0ed0d38528f59c15bba07e9b8459bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3a40d4e61856a7c5c28f0480cab2033
SHA1 d20c61b8c58e316a02c78d048d212664d643457e
SHA256 03adef8914dc31a360acc3d8eb5c34cdfc91d43432c3cc70fe58c1f0185c9a31
SHA512 567ccafe013c72d3aa8b5ed9e6bfd9c6bc75ab170ee4392dd6f60b7f8f64368691408ddfdcd3a14bdb4a3226ee55babcffe753d1a16223ed784037ad59f8d5c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc6e9f488f104e576b4b3dc763c0a87a
SHA1 f02bfac6989d1e59e907096da5ffee3f91c782e3
SHA256 1bf8b5d7dc202eab57954c96f6f709547be163b8f718c2b78182bb424be9add6
SHA512 1a583bf95cc2ebf43301db64884ee4a20d3b166317e95bd8d5d1c16fedc8aca9be30fd47eb067c899663c821f5fbe9bcf99c3de8617eff894974713b7b8b9a70

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

120s

Max time network

124s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3048 wrote to memory of 3020 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:01

Platform

win7-20240221-en

Max time kernel

121s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe"

Network

N/A

Files

memory/2484-0-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2484-3-0x0000000000400000-0x0000000000409000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240220-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\MiniIE\新云软件.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\MiniIE\新云软件.url

Network

N/A

Files

memory/2088-0-0x0000000000330000-0x0000000000331000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX, 1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\ C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
GB 96.17.178.211:80 tcp

Files

memory/5064-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/5064-3-0x0000000000400000-0x000000000043D000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:01

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D8B-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B66834C6-2E60-11CE-8748-524153480004} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Slider C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ProgCtrl\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{612A8626-0FB3-11CE-8747-524153480004}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\comctl32.ocx, 4" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A0-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip\CurVer\ = "COMCTL.TabStrip.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\ = "ListView Columns Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\ = "IControls" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\VersionIndependentProgID\ = "COMCTL.ProgCtrl" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A5-850A-101B-AFC0-4210102A8DA7}\ = "INode10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF877896-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA42-E020-11CF-8E74-00A0C90F26F8}\ = "IButton" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E791-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObject" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\ = "INode" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A0-850A-101B-AFC0-4210102A8DA7}\ = "IPanels10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{373FF7F1-EB8B-11CD-8820-08002B2F4F5A} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\comctl32.ocx, 17" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA42-E020-11CF-8E74-00A0C90F26F8} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\ = "IImages10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\ = "IControls" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}\ = "ListViewEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A1-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8AF-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ListViewCtrl.1\CLSID\ = "{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Toolbar\CurVer\ = "COMCTL.Toolbar.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}\ = "IStatusBar10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe"

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

memory/644-0-0x0000000000400000-0x0000000000419000-memory.dmp

memory/644-3-0x0000000000400000-0x0000000000419000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=2588,i,14229658658073991926,6938034815163866135,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.204.74:443 chromewebstore.googleapis.com tcp

Files

memory/4224-0-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4224-3-0x0000000000400000-0x0000000000409000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

120s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2492 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

Network

N/A

Files

memory/2192-0-0x0000000010000000-0x0000000010013000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_Search.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50743ed0b96eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af60000000002000000000010660000000100002000000063281fcefd5e7e572a219f336644679fa67b37d0b71ae71116cfc827ab5452bf000000000e8000000002000020000000e5a40d48d1559c3c22ba3267e513dc1a9fe45671bc3e2ae21ccb682a03a27a0a2000000005c18b6cb9b4c31b7aacd0f5bd3f92a4c405577eb3b50b64a4155775defd033a4000000083f2c38b99b78fff3daf2ce4cb8df809c8a38348379ce284a927c70eaeec208d46b024ef272dbadbe6343f228063a7cab79f40e0c482aa97f6a5f3e89b12ee8c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB2A9CC1-DAAC-11EE-BB46-EA483E0BCDAF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af6000000000200000000001066000000010000200000007d3c448045813af800e8523856569570657a2016b6ed7a21bba7e9ce05638187000000000e80000000020000200000007f7fc69864a5f6cc3784e228723955878a03644c11a32ede8e4370aaaa0a1861900000008b48924d5f42515447dc15985b608b8de6d30f4f7da1786e4dc981303eabf2229b51783e94681bbd6a485d3dfc2db593c63f15c734defafb3f242c2a2830d89b8a7110c43b2ca6533fc353f8660430f2938243963d06cbf4a3a74058e333b0e6a15c554de641cda79463870394bfe46a48f6bcbdc00e7c8cbca9bdc0c8b91471c9d642dab17d1e1db51535491d1886a740000000068a1a0fb69da4a036ffb8c07dc23d0d23d0b9ad22793a6378444aa6ea6215187eab3b357d03f5ec16625d43b702237e9890e00f5c93e27dedb9ad4f4bd7e4d6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415776573" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_Search.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 site.baidu.com udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 miniie.com udp
HK 103.235.46.234:80 site.baidu.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
GB 172.217.16.227:80 weather.265.com tcp
GB 172.217.16.227:80 weather.265.com tcp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 www.265.com udp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
US 8.8.8.8:53 img.hao123.com udp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
US 8.8.8.8:53 count29.51yes.com udp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA537.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\CabA70E.tmp

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\TarA761.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 749f48620166d6df12844a08dbd3e660
SHA1 84778ff5ca43aec9957a951e66f2d56a8f676b7d
SHA256 9c56dee62d3d8591fb92e3019cf9d4d50c49752b029430144289e4f5b13965bc
SHA512 6509c74ed69f9dc64f01996bdc7dd5742960f35384e6adc2565f354200c8941d224d0745c6f0d95c3ff090a1ead4fa12b0e3b7c7ff680752536d8557ce96c8f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b45534a957bcda1f3b72e62953259987
SHA1 10b04643646009307ff724b22b8ed4599926bc38
SHA256 0e53e96abc7973f0273c495493485f63fafd02d8194552767812a7efa0dac796
SHA512 faa9f53c67241026d57e396fc1d34c66a3bfcf36bc0c384622df9f98d1aa8198ff55b7240670b428ed51893d16b55890eba9867010801b773b005b76d5f983a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d921d4293338a1ca2ff53d002f0c20
SHA1 36cf0868d34f1a99916cb23f87288f94938d4875
SHA256 d93fe18b14bbd8fac9e71ddb1dcbaeb68ea0ef5992e80842ca50ff5e7f447134
SHA512 1905c7e021a042ab17412ecc75a95b0e5b07b1efcaf46237bda3e093f419038fffd13a4d9b325ef39287973004bd09a557a323ac1b94b28d5780a9dfbd14bedf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1e4a5ce66d96236ab341fccaa63b766
SHA1 a38132265f936d1252b5dd5cbbbd1a5551dd6d7d
SHA256 55b85856c1934c49908d70f9df0c299b493f97604256e08cd49e02be22644868
SHA512 1ae630d12b09f4486a15dcc499fb39098a0455aaf96af62c530bf20c483bb4b2659897d4d6b547ddbf1c1ba6c5dadb67435a0760402adc1342adad3d37fde346

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd5a9cdaa22007862b1022344e98a741
SHA1 a85bbc8abd6a5c2e94c31bc910c2e63f69de155f
SHA256 30e92973b1a67f22a92581c57490df5ab52ee3fab3cdbbb782e367a0fc9e4579
SHA512 6f26d7662cd39397088898c0f53a0c752834b5937eeaec39aa8f38537544ddaffa6e752d2202979eaf9b246404f55d40731e2016916c35ceea6d39621e47077a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 509cbc6df953655d0a7e9c6578468f0a
SHA1 79bbd231bd4624b4f38920d3b40a43fb98ae3222
SHA256 f4a672e6a03c65cadca858f41b28cce6e02d4b4397ea078af089bd6fc9482fda
SHA512 f28c1aad57a75979ed2d86f648b3dce78386f895c86e5fc7e73d126ae81dcee6ee1f0c497af811e643670eae48bfbf9afb125f925e5bcaf1bdfd4bcf12bfd611

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4861eeaf87791e8527ebba1b4c114827
SHA1 edea2a88b61f3145dc4b022d463e7988c1c8fa37
SHA256 83b34b1d329a68bae1485af9a6eb8d8c31957d3952df14cc541a0ab95ad4f84b
SHA512 5d939543dec92490a45e2f0132eff6684910956c19a412c2f9918f34f660cecf788566851c3366c278cf5b5f7a9fb59a7070992727a1c7913d86bbb6e4afe82e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 906729ae56a6fec6e71bcd0051276a6e
SHA1 d0f987f1e4fbb221ef564b9a129d707e966a49e7
SHA256 fee9ec01a750fa348032bee0d72294fcf988b2d9aba992a3d819e4a43f60670d
SHA512 4d392626152a7baf7d605038529952c4d8955f225905b63e6ac267913e80aedcff608b4f5373c56c983abaa1c14de02dbc44b28b57d9797f82fdcdc391aeeccf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e150ed2c2854f9337fba03f1fb071f18
SHA1 7bbb23a0bde47f6c5643f2c4398623d2b26c6263
SHA256 48d51f7970f941782fb393eb49adcc95c7c15c02966a306b47397cb04933a013
SHA512 be6fdd926de32f76bd32f467208a4f6b92849b2033eb7a9546ac0c651e1d86229547536b7d6addf59a96f8031dd1cca524a1089b086554b6edf42c1d416ff3e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45c73e77a7470f1a39e7e9f18a8455e7
SHA1 68a276e2c13d9587a6dd900da6b92be5047323c2
SHA256 56032b06e50acf4dc457f0f98baeb7724d545dce162bec86dbc2a509bc8cba9a
SHA512 8442d6ef7b93ca296eff893bd296d629ed8c2c17f7b65789e86a159b7779cec81b0bd5513f3f7cdbc5b0d62064c6115ec2465e7cbf3ec257508e16c8c903ae9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70f1cac11241e905e3e93e58428085d1
SHA1 304d36fbb3328f8745164c60d741e86afff7768b
SHA256 f0df80b0710abd00c6c64cabc60a0890665bed44186a885555214f2fb939e86b
SHA512 dead253b527bc6a74affdb26747e377eb16916eaf53a589eca79396d92a9422a6c553e2bfdf3d804de0774df98a8335255355eec667335c7ff5cc695dd92049e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0137e37327ecd58996d7176345fa60ec
SHA1 cc0dcafe9aa612d726e95ebd014cc73ec2e2e4ae
SHA256 7e1a11981783314656bec2d4c83e5d0e2c02b00a69f344f8c7bf2bcc3e7a46cf
SHA512 edd846f0e20f875d6cc9fcd18284a0d52ccfeb29654c8cede5e28a8cd84c7832a6018accaf279f9259fa38737edf04ec819ef7462aa20b9f57e711c6206e254f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e6e8f51c76c7a40003d3725274ed176
SHA1 31e35a9cd1bf54c1809b81e6718680d8a96c78c4
SHA256 9ba7bdc40d7479667a62265f3e760bdfe4b4cb527ccafd9409282db9733ed5a4
SHA512 aa745a26a97f5170302324fe8f8e945d16e107d0f37b4b6273fbfefd2a6706faf5bb21362503a3b197d2666c580669f5fc4ded8933bacb88c40392d4b9a7ff27

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_Search.htm

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_Search.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4200 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5112 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5444 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5852 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5880 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6040 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4200 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 88.221.135.81:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 site.baidu.com udp
US 8.8.8.8:53 site.baidu.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 count29.51yes.com udp
HK 103.235.46.234:80 site.baidu.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:443 www.microsoft.com tcp
GB 92.123.241.137:443 www.microsoft.com tcp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 miniie.com udp
GB 172.217.16.227:80 weather.265.com tcp
GB 172.217.16.227:80 weather.265.com tcp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 234.46.235.103.in-addr.arpa udp
US 8.8.8.8:53 64.242.201.45.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 www.265.com udp
US 8.8.8.8:53 miniie.com udp
US 8.8.8.8:53 miniie.com udp
GB 216.58.212.202:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 img.hao123.com udp
US 8.8.8.8:53 img.hao123.com udp
US 8.8.8.8:53 www.265.com udp
US 8.8.8.8:53 www.265.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
CN 58.254.180.65:443 img.hao123.com tcp
US 45.201.242.64:80 miniie.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
US 8.8.8.8:53 www.265.com udp
US 8.8.8.8:53 www.265.com udp
US 8.8.8.8:53 www.265.com udp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

135s

Max time network

151s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3668 wrote to memory of 4056 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3668 wrote to memory of 4056 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3668 wrote to memory of 4056 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMDLG32.dll

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe"

Network

N/A

Files

memory/2380-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2380-1-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{612A8625-0FB3-11CE-8747-524153480004}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ = "IProgressBar10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AF-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D8B-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\ = "IListItem" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E791-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C787A52-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\ = "IControls" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877896-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\ = "Toolbar General Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E451-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\MiniIE C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\1\ = "131473" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94442-E5E8-101B-B9B5-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83604-895E-11D0-B0A6-000000000000}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Slider\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E451-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8B0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E791-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\MiniIE\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MiniIE.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\ProgID\ = "COMCTL.ListViewCtrl.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl.1\CLSID\ = "{0713E8A2-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ImageListCtrl.1\CLSID\ = "{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D95-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83603-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe"

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe FirstUseC:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe MiniIE - ÕýÔÚ¼ì²é¸üУ¬ÇëÉÔºò... 1 ...

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 miniie.com udp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 www.goodtv.cn udp
US 8.8.8.8:53 64.242.201.45.in-addr.arpa udp
US 8.8.8.8:53 www.gogois.cn udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2308-0-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2308-3-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2308-4-0x0000000002D00000-0x0000000003133000-memory.dmp

memory/3968-5-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2308-8-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/4916-10-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2124-13-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3968-16-0x0000000000400000-0x000000000043D000-memory.dmp

memory/4916-17-0x0000000010000000-0x0000000010013000-memory.dmp

memory/2124-19-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4916-20-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/4916-21-0x0000000002B50000-0x0000000002F83000-memory.dmp

memory/4916-22-0x0000000010000000-0x0000000010013000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_ErrorPage_Search.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4820 wrote to memory of 3856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_ErrorPage_Search.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1af46f8,0x7ffee1af4708,0x7ffee1af4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10242259307731394546,1267248237382020812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1332 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1b45169ebca0dceadb0f45697799d62
SHA1 803604277318898e6f5c6fb92270ca83b5609cd5
SHA256 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

\??\pipe\LOCAL\crashpad_4820_SBDAUXNGRUJMFVYI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9ffb5f81e8eccd0963c46cbfea1abc20
SHA1 a02a610afd3543de215565bc488a4343bb5c1a59
SHA256 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA512 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 219d3ab0a450583f55ffba0e0889777c
SHA1 40cf7fe800b35bf0fe3c12d8e17968abe94d21ac
SHA256 aab94e5c7a71c825c0244db9fc022ec5d928647bafb1d6812c6c0603865d6053
SHA512 006e927f0e2a6bcb606b94563a0aa2dffffd2f8593b6c5ccfb733ebbf4bafdcc29fac61c3fc0941560c9ffae495d96379a2fb963cf39905a972380b9277b13fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aad52d27de9ca69ab437915d346c4a43
SHA1 56fec07511f003935a1e28ba6b76e6f3429e51fc
SHA256 25b9399a4ef5b2482d433bfd4ad7495362c71fd56ee3d68ef799d5f5acc14d55
SHA512 3815c283d0f6e20168014340d7bc1c6c5b97beed95c222857674281352f6b6946070269789143c16b35b0d811587d6d511b13f9b35266b0addbbe96a71128fbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d6626d1ea27a92798c4270626385a0ce
SHA1 59dc1d1afc20fb826fdb17c8c7088974a783e280
SHA256 1141d8710ab7d33eb5d73b7a1d762154e5030719603384b899667fdad68a0d3b
SHA512 4d6ab50e5cdc521d1f75fc49cdbf82935d6555596f6c09a69c585cc5b3b3486d15a63fa0a51b354dd1890decbb0079cc3e7975c6a7091aa82147ec9639a82611

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

151s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E451-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\ = "IListItems" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E944-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\ = "ITab" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83603-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8556BCD2-E01E-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\ = "IButton10" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83603-895E-11D0-B0A6-000000000000}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl\CurVer\ = "COMCTL.TreeCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E791-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA42-E020-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\MiscStatus\1\ = "237969" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF877896-E026-11CF-8E74-00A0C90F26F8}\ = "IColumnHeader11" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{612A8626-0FB3-11CE-8747-524153480004}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA40-E020-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877892-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E80-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\ = "ITabs" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7}\ = "ITreeView10" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8556BCD0-E01E-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Toolbar\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\ProgID\ = "COMCTL.ProgCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 220 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 220 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 220 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240220-en

Max time kernel

148s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe"

Signatures

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl\CurVer\ = "COMCTL.TreeCtrl.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\ = "IListView" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83604-895E-11D0-B0A6-000000000000} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\MiniIE C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\MiscStatus C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8B0-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Control C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8C-DF38-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA40-E020-11CF-8E74-00A0C90F26F8}\ = "IButtons" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8C-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E80-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8}\ = "IStatusBar" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877896-E026-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Toolbar.1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\MiscStatus\1\ = "131473" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94442-E5E8-101B-B9B5-444553540000}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA40-E020-11CF-8E74-00A0C90F26F8}\ = "IButtons" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D95-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Open Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF877892-E026-11CF-8E74-00A0C90F26F8}\ = "IListItem11" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ProgCtrl.1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\ = "ITreeView" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83600-895E-11D0-B0A6-000000000000} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8556BCD2-E01E-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E944-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe
PID 2492 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe
PID 2492 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe
PID 2492 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe
PID 2492 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe
PID 2724 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe
PID 2724 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe
PID 2724 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe
PID 2724 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe
PID 2724 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe"

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe FirstUseC:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_Info.exe MiniIE - ÕýÔÚ¼ì²é¸üУ¬ÇëÉÔºò... 1 ...

C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe

C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe -filelist [T:3][U:http://miniie.com/MiniIE/Update/FileList.txt]

Network

Country Destination Domain Proto
US 8.8.8.8:53 miniie.com udp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 www.goodtv.cn udp
US 8.8.8.8:53 www.gogois.cn udp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 www.goodtv.cn udp
US 67.21.93.228:80 www.goodtv.cn tcp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 www.miniie.com udp
US 45.201.242.64:80 www.miniie.com tcp

Files

memory/2072-0-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2072-3-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2072-4-0x0000000005A90000-0x0000000005ACD000-memory.dmp

memory/2072-5-0x0000000005A90000-0x0000000005ACD000-memory.dmp

memory/2492-6-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2072-9-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2724-11-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2724-14-0x0000000004710000-0x0000000004719000-memory.dmp

memory/2844-16-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2492-17-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2844-18-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2724-19-0x0000000010000000-0x0000000010013000-memory.dmp

memory/2724-21-0x00000000059E0000-0x0000000005D27000-memory.dmp

memory/2724-22-0x0000000005D30000-0x0000000005E65000-memory.dmp

memory/2724-37-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2724-38-0x0000000010000000-0x0000000010013000-memory.dmp

memory/2724-39-0x0000000004AE0000-0x0000000004AEE000-memory.dmp

memory/240-40-0x0000000000400000-0x000000000040E000-memory.dmp

memory/240-44-0x0000000000020000-0x000000000002E000-memory.dmp

memory/240-43-0x0000000000020000-0x000000000002E000-memory.dmp

memory/2724-45-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/2724-46-0x0000000010000000-0x0000000010013000-memory.dmp

memory/240-57-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2724-61-0x0000000010000000-0x0000000010013000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

120s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX, 1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\ C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_2.exe"

Network

N/A

Files

memory/1996-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/1996-3-0x0000000000400000-0x000000000043D000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4296 wrote to memory of 4232 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4296 wrote to memory of 4232 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4296 wrote to memory of 4232 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_SDD.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp

Files

memory/4232-0-0x0000000010000000-0x0000000010013000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:01

Platform

win10v2004-20240226-en

Max time kernel

155s

Max time network

163s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4284 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d13e46f8,0x7ff9d13e4708,0x7ff9d13e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4600984078504331160,1885039115636727746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3416 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 miniie.com udp
US 45.201.242.64:80 miniie.com tcp
GB 172.217.16.227:80 weather.265.com tcp
GB 172.217.16.227:80 weather.265.com tcp
US 8.8.8.8:53 www.265.com udp
GB 172.217.16.227:80 www.265.com tcp
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 site.baidu.com udp
US 8.8.8.8:53 64.242.201.45.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
GB 142.250.178.4:80 www.google.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
GB 142.250.178.4:80 www.google.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 img.hao123.com udp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.46.235.103.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e3dc6a82a2cb341f7c9feeaf53f466f
SHA1 915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256 a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA512 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

\??\pipe\LOCAL\crashpad_4284_HBSZRIERMINNPWDR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36bb45cb1262fcfcab1e3e7960784eaa
SHA1 ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA256 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA512 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a8e6af4c1f9a5b5835ddd885401aac1
SHA1 35012ca842d398915e51d84583fe68820cc542b1
SHA256 8362b4c501ba55bfd0b3f4671884b7b2461e312d70653b78d84f62e3d2156b43
SHA512 75ebc59aa80376326a3ba3dbee69d61df175ffed9d473ee35a960ef6e8c24b1a40a75c828979213331cc34f33664b5b0dbc9a14a2b12493ea6a9d14a56875a6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1fb66f88be4cd7cd8569aa54717e240
SHA1 c887b67f6913f6c95cdcbdd7c364bd5e1fe332d5
SHA256 9e5e6d675910a6c41b18f8f56456c55e0b83b1e305a52eb5e61f9563cdafb224
SHA512 d780a48a277ab2b9e3ea584704685f145b31055382fb6f2a162a2eb12b15f146b37893bd161388481033a7668c24044b7801ee9ba87f57c6466ac8be26aaa060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a31acbcfdb466b5f4930d43d7076f0c
SHA1 f216ffecd6390aa1a544abb5b2df2b95d12dc434
SHA256 83c470f4ee8703826457089c2a4cd5c48c658e722b752244c92103404cabc933
SHA512 9ac2fc66008490a32822f6a3305d668e62bb93adacdea154acf8265a3498069230e0f56aebe849edfaa304b51bad9bfefb1d6c82bbcf0b650f8bd1ad224713ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 434ed5c66dbfa6acd12bdfa1028286ee
SHA1 dcfe75906d65f9a99fbc0246c76fa6b8b3f43ca4
SHA256 5908836a4357555ad949c63589d8d143c5104ccfb1bdcf02b66de7e98dc29a28
SHA512 90bf7ad694bf4c343033c1e625ca9600605cd926419eb545f551492f29472ed09beef568b2508420ab1e305c5dbaf78930091a2f5192ad771ebdbcdfe150586d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11fa8f6cd62f2e6ca50d7792251aa575
SHA1 dfc54df9cd12fd567fe2112437f4df35655d404d
SHA256 0d6831c2353ddf321655aa4bea1a150a4cfdcd594d119337083e325ae8321da8
SHA512 e163f8e9c75117737dd77f5429cab910d05f491b6cf421a9ed13842f08c9c1afd0501224b191c059bb1c912de636161e4ca961362292a022f7759aad31855e1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Top.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 3016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 3016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Top.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd022846f8,0x7ffd02284708,0x7ffd02284718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17191182828172546206,10117556359531246506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1b45169ebca0dceadb0f45697799d62
SHA1 803604277318898e6f5c6fb92270ca83b5609cd5
SHA256 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

\??\pipe\LOCAL\crashpad_3900_CRTDHICTJILXHWRW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9ffb5f81e8eccd0963c46cbfea1abc20
SHA1 a02a610afd3543de215565bc488a4343bb5c1a59
SHA256 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA512 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 61cdd012a92ff09b367f48942e441ef4
SHA1 e0a6585d57c74012c3cbe60bface315ae610de6f
SHA256 bbac807bf2a0bca1fab7337223b7f2a804c6bf2171a9fec73fb767181b913b92
SHA512 674bf9686a589bf389686f6e5351fed4ff25b8e74ee446b52210e801d0ad478445e842d7f7f3019805a412bdcac4927cd805015e31be5d5edfb909e02d4b7d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b45126785c79de1fe52c930adc0a973c
SHA1 13802ab05b7b178c678792abd0d965cebff5dba1
SHA256 05f13ce3ae07ae56912cd273cb383be18490ef17691a04d38e0c737c51530ed0
SHA512 7a6885fc35c71c28a2579e9bd0ea6e13db1a1e8ed5fb12d1fed97c25004951249559624aeacbc2a912bc63fa57bf8db439e771df5afaba7976e108ea295d2ec8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87fa4b3612a4261f1c006cc2e3b59700
SHA1 433f8af2f1d61719808e067be20e84c932be9e04
SHA256 12bf04950be467472f63a54afe5dd42cdd32c30ee5819be65a05227bc13f30f0
SHA512 191db3d0a98fb38861433376d13fe4746968b580b8e034f645e9c1962f5557d01dad351ae939a212b1d3068981c290f16f6052637bfcd6158a45176da93e9d5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240215-en

Max time kernel

121s

Max time network

123s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E84-DF38-11CF-8E74-00A0C90F26F8}\ = "IProgressBar" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AF-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ImageListCtrl.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8556BCD0-E01E-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C787A52-E01C-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C787A52-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8AF-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl.1\CLSID\ = "{6B7E638F-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA62-E020-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\COMCTL32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\ = "IStatusBarEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip.1\ = "Microsoft TabStrip Control, version 5.0 (SP2)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\ = "Microsoft Windows Common Controls 5.0 (SP2)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E791-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83604-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA40-E020-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8A5-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83603-895E-11D0-B0A6-000000000000}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A5-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2108 wrote to memory of 2304 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\COMCTL32.dll

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

121s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip\CurVer\ = "COMCTL.TabStrip.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl.1\CLSID\ = "{6B7E638F-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\VersionIndependentProgID\ = "COMCTL.TreeCtrl" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8556BCD2-E01E-11CF-8E74-00A0C90F26F8}\ = "IImage" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D95-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\ = "ListView Columns Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8A1-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ = "IProgressBar10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\ = "IListView11" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9ED94441-E5E8-101B-B9B5-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877894-E026-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\comctl32.ocx" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}\ = "ListViewEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\ = "TabStrip General Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8}\ = "ITab" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\MiscStatus\1\ = "237969" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83604-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA42-E020-11CF-8E74-00A0C90F26F8}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\ = "ImageList General Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ProgCtrl\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\comctl32.ocx" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9ED94441-E5E8-101B-B9B5-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}\ = "IStatusBar10" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D95-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7} C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8556BCD2-E01E-11CF-8E74-00A0C90F26F8}\ = "IImage" C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE_FavoriteBox.exe"

Network

N/A

Files

memory/2060-0-0x0000000000400000-0x0000000000419000-memory.dmp

memory/2060-3-0x0000000000400000-0x0000000000419000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\msinet.ocx, 1" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\msinet.ocx" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe"

Network

N/A

Files

memory/2844-0-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2844-1-0x0000000000020000-0x000000000002E000-memory.dmp

memory/2844-2-0x0000000000020000-0x000000000002E000-memory.dmp

memory/2844-5-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\MiniIE\新云软件.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\MiniIE\新云软件.url

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:01

Platform

win7-20240221-en

Max time kernel

146s

Max time network

157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000b0db4d5cbd5d57249c662db9e8912bfdb865b486b6c513f8b47cebb694b4e032000000000e80000000020000200000009548fa306737d67dfd21192c8e91dcf4739644bbfc323e7c42dcd4e6131d328920000000641f542269bd01bc0b419b999566d6db6cbc0198b010473963b69daccb929a014000000059b80501f4bfaa1bcd67bfb29e0acd49e1439efb062ae6fe912aafd3908f9b05177c7b543b6c0e77bdc2ba0c7e78a42c93ba45e097abee7c371ad98bd36d7313 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000726014caef5af0774ddf6fe2cde18770dc4f44e88a0cbc3fa51b21de3eb8f7a4000000000e80000000020000200000007cd0cee11aef352287103a58035d4ceb31002671b7b0fd987a61f5fed846504790000000cf4fceb132fae4f8d287daf24db9ffa48c37d00b013cb77f9c48ca79c3186058b95e75704d6fd14f9a31a50334605c89fc1c1b65aaa5e7f6d1fcac89c98fae3dd934deb13cb2834865b538b84dfefabb69567d020ed5fa5f55d678e885fb12a6df3b1f289bbd70df010987a85f8261edfd755fb4c4c8e60c0896a8414c80906176d2981648a8f4612da089678a0503e540000000ff7c6b5a332c1fb1deba890ce247319a3281db438947bfe7c33215b120f76aa0462f6e883c3d75bd04c92d35428bb63082afa314e7d55ec76897a4ff2342d601 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{019407E1-DAAD-11EE-9502-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0885af4b96eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415776584" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 count29.51yes.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 site.baidu.com udp
US 8.8.8.8:53 unstat.baidu.com udp
US 8.8.8.8:53 weather.265.com udp
US 8.8.8.8:53 miniie.com udp
GB 172.217.16.227:80 weather.265.com tcp
GB 172.217.16.227:80 weather.265.com tcp
US 8.8.8.8:53 www.265.com udp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
HK 103.235.46.234:80 site.baidu.com tcp
GB 172.217.16.227:80 www.265.com tcp
GB 172.217.16.227:80 www.265.com tcp
US 45.201.242.64:80 miniie.com tcp
US 45.201.242.64:80 miniie.com tcp
US 8.8.8.8:53 img.hao123.com udp
US 8.8.8.8:53 count29.51yes.com udp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
CN 58.254.180.65:443 img.hao123.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab763B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar7D26.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7126681c1e8ba1c6ab446295f866f3c
SHA1 c9bb6a335bf85c22d9b7a056ce5f57719da57320
SHA256 6b954e01fe6b7c15ab6395e69674af1ac541e0a1b6b9af44ec17351dea7968c8
SHA512 e464f39c065c9288291d7871fdf78ccb7409d06a1a7c8b4d6f53ef532123331ad430fb3a89a672e0a517b3926101bd4dabf988198c747b862a212df50fab70ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ef373433aba1de9c0bfd4b66332e3f6
SHA1 11c2bacdb7903f8ad7e4fe66e1b0f11c17a4503d
SHA256 4381a7be342f817b64f01d9c7da9d95ad3a85a0e4d0c9a59d29da55afc2ac769
SHA512 022dc3a11a0dfd6f3855f324f83c6c1ec9a0f82ed0e658357551202ed172c20083e03a09e185d6cb59838eb5045de2e6e765459ed3e04abf366e4bd4a8d33ddc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2853d65619cd03cd0448a72b44340935
SHA1 482faeccbdb0bdae526aa06dc5cbe6d2b6ce0166
SHA256 47dd0b8448d55f88fb7331038bb7e3c333115dc8ea14d1febe40c24d5bb9b7a3
SHA512 36ecd8b72aab0f90f7a3e54c9be822592963f8ce0ef8b4eba2e68472ac7826c43a47300ec560e88d773eac61cc0e9c31bc4123711aaafb4ccce3324f0e4a6de2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7df39083bfe059905c6ee33c4072d587
SHA1 d15fbcd9ec96f67ee21d1eb01b7dd8cfc4b237b0
SHA256 8c15f2d90012c76b8e54dab47aafe40f308ea3731f495f81246bb429bfe3f1b7
SHA512 cd6331d792d6841f13ef4f3fa22690b5221e8951d8549989c75899ac3a8004ff1387ae77c6a9ec75241fb0647dbb027c616a92bc30eab56ec5fc189f0afeccf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b5195166f6406977372c59ab9213e4f
SHA1 b439e867bbf5512817690c8ec5e913906249490f
SHA256 e83b5c3397bb3ef581cc883e081e6647e71c725a4043d55bfa701488b54cc6a9
SHA512 4c0913b718b3319f984427167b566e05ca4b6e4b4990de15afd59673538a3ae7cba532d6f454e9db0891e93cdd9e3b5019739128542d1ce216125ed5f4432ee7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7bbf1403e57bb478a586bd79aea5e15
SHA1 a792e878713baf360f3a8a5d13af04cdfcc130bd
SHA256 cd01420a805d55c457e6b2c4e93ad153409687aece39b74af974d3a77a7dd162
SHA512 f739fe0aa7ed817fa42743f0d08a727b66b50c727787132fd2c5c90200303ff4c9479aa33ca871e8fdb10f344c90358bedb97f68aa9ccc67be82a0cba41d475f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3723a785e23d10fce991464cdfa88730
SHA1 34741caa98dcec0c5dd91d5bcc5a5cb0f2519d4e
SHA256 f6c39b37182af0909cc37e10e0cd7dac925a7ef0685008cbf444fbfd2db41142
SHA512 741da3134abac287e528b671cd96b4bf37b982ea474b2b5606ba10f6bf1c7e96f09c8fb34a80c0e91430736f024332f3d7c73a9b30f2790060f886cd5d0e6562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88da7b31f6cf1f9b9a7973c25e7632f3
SHA1 bee1c77c92aaa44f2cd4fe3a19673da356f49fe0
SHA256 18168821c22ca96180b2617a045dd042527fa0ff278db553a33bb6b8d9c1b549
SHA512 5a89d1b8dc7af1b91ce9e45bcd25fd14bb96e54d9ba33df3e83ad43ebae6b7690dcaac1c4c7ad9a4edcba829fc4c5a543e53219fd08bbf3a58fad64bd96a24e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56fae3cd29aaeb5fa07dea1c31a8b92b
SHA1 64c6abff3f6fcac01fbf80abb97c2a2bdabe3b1f
SHA256 14e2fad946a5c82006d3f9140e09834d660d7496babf036b66431f9831d183e2
SHA512 a196ece612991bdca572f4d0cd07dc79f1e77ff8d9ae665462bf88bc1124d36b4f5a2b6e947d309e06596eac4bd32741e8f6c2b00c48e1ee85ec5ed328ff2378

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edf3320c0497fe2f6d189641c3acd741
SHA1 bb415ecce92c15c8b1df0519f458786c5c46234e
SHA256 6927621dad3edc42dcc773e4ab7f77c6ee9bd17db1ee881752c0c56890c8eae4
SHA512 fb48139c11efda6f2776fbd75129bc0c99890a49d25f5583505d9465eede01f819df8c3fa9abb22e9189c0a4f5391f32463577266121c85dec26a19acc80ab20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0beb90d6e7e6b4b60860e86c0f751b6d
SHA1 2e3b60aef3195c0d79bf7cc844ffd0accff66f56
SHA256 2b75eb30cae88a8d96a483f5e29c3e103de2400219dd6a2e3bf15d837f869f49
SHA512 e80820955c68e1b161d4b15bb896b44999d1f463b846aef7d2a450c6242b077a9a9d810655725468654ac6f83814611111672dfcd6645d9b0349d0db9e98fbc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed7c09253d4a6c1e3333c6949f31d12e
SHA1 f6114d9f9fe366f718c70ff5c95cc48e4e2ac479
SHA256 7fd8649dfa59b43df797bb842540cf003a09514ed94d08820eea9c869885b454
SHA512 4b56073e3af81f1187dbc8d04eac14afd28cefd21458ae964eed34e80fca160d3758cc7f77667dc7b20ceaf918a55cbbf9c52a32ad305c30fab63a277c1fbde1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c63dcea929294a05360e60d0b55b980
SHA1 164f1a5703a2785c17145189a121c0f5c153571d
SHA256 a9e27b300a8942dde8705a76658f20d120672b3dd3e0aa8e89b0f1e86f9e79bc
SHA512 11bd184293865d3c360354990730ac73853ca5150c5d1672e741c54de82acbb488fbe8fed064eba8d08667137c1c36f858abaf2c87f5c2e53c4f31981e8dcca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0712eb6a615671d5bfa07139db9f135
SHA1 73c5406676f32551a69c50e1d58dfaddec6a7f92
SHA256 b298adb67777924271af307f8c831213bba8cedce93f41ff56f69c757364a63d
SHA512 3db57c0da0fe953050aeecbefa53b2b6633fb5d51bccf36228f41c5e3511ddda2181360be1d1b897f9855465bcc7e45ae91b00b8bb4ab5ff5ed25ec13b57ab0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1c1b26a1ff42a8ea7d6dc94e87cc785
SHA1 ad4a5e2d9686c51aa747b09344edc6153683c7b5
SHA256 c9d464396caac0ccf0d9bc117be571d575ac16d623842dc4fba77ed303c64794
SHA512 af3f1725ba67a5eaa9ba4c823db4cd450af88efbd5e553260157fab7d86eee0799ac33180376848c921e4fd56c894220378a201fe24aed63f58d73d35c4b53fd

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Bot.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Bot.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa93e46f8,0x7fffa93e4708,0x7fffa93e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1492,10529791163676108892,1563822913952775231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 52.111.229.19:443 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 279e783b0129b64a8529800a88fbf1ee
SHA1 204c62ec8cef8467e5729cad52adae293178744f
SHA256 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA512 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

\??\pipe\LOCAL\crashpad_5072_GQWPVGEAXPRQNBAS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cbec32729772aa6c576e97df4fef48f5
SHA1 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256 d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7bc452e0759bec30a91a73002865c66
SHA1 e2f3609c33acc41c89e62fb9dfe336cbb3bcb581
SHA256 fdfbb8e580ac1c01780c1ef5a1399bd7d442cb47da40e3e0e45b368ab322a91b
SHA512 96a14c2b07e0edbb02ff593126ff5e7e43751b14ffa6c628bc102ec616ea226c3af21d32b290e5682c5178179093b4c30ba5e0a5975de0292a9efcedb2e622b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e246f2e1d10aa5e4fe65219eb1ab4b8
SHA1 9b39487cadf21ec5ae832d388a8cf5cbaebb55c1
SHA256 68affeba579d4ddbb570360ca74699101ca887580fc5be695b6b7837a0c898db
SHA512 1121abcabf3e492afeff6b7333e536899236fdbe7712fdf496f5f3d21dba00ce2d481ba220ff2f1ae3e3e3923dcbf687789bd010311191eb089ba5d30d3120b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 afa3f21d5c42702839e3e434e0c39545
SHA1 a352feae2b917152dbdb4388c59f5f3d9ddd62b2
SHA256 8e225407d6453e25b62c5b0aab2b0bec0f4f781bf5bc8fc096e905af0a3c1a83
SHA512 0368ddbfa9d6f272a49e638bbce7d96bd9da1a668ce8336dbed2fe8048831759a3a3469fc98cbb506eb9f3e3f3c41961d5d5ab200fa94f1a890e7ae1df3e24c0

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

130s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

Signatures

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\ = "InetCtls.Inet.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\MSINET.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5008 wrote to memory of 2824 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5008 wrote to memory of 2824 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5008 wrote to memory of 2824 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\MiniIE\MSINET.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\MiniIE-Capture.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2068-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2068-1-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\msinet.ocx" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\msinet.ocx, 1" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MiniIE\\msinet.ocx" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\ C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1 C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe

"C:\Users\Admin\AppData\Local\Temp\MiniIE\Update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

memory/488-0-0x0000000000400000-0x000000000040E000-memory.dmp

memory/488-3-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

135s

Max time network

137s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_ErrorPage_Search.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415776572" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af60000000002000000000010660000000100002000000076252241afbd43acc46fd73f7d9d690cf897b9efed9fa87026fb89e3cc7c79e1000000000e800000000200002000000007d5fae42140462310ce62a60a81de06d41fae29c9ff429feef89a0dd01f3168200000000019f6be19053ec18507982b308ea1d9f80b08ece4ff3268d0d27df0c93264d5400000004026e16cd2b31aff106457e76e4da972c534234fc25783f5164ebba966dbe266f3d9017c5a1bffe324ff3c4a76f3d5bb6e8ef39bd754deefeaaf2e69ea37f919 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cd5ed0b96eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000e26d9903e421570daca045032642e1c05b51a0f1346bc5bfec5abcacdc600cf9000000000e8000000002000020000000589cbbbf65ba4c14b24f28658dca0da47ee74e8cf2184c5e3a88fa59f6b1dbfb90000000f79f0b835eac49d675d3d505ea629112e16d3e59f266aca877205c507c26bda7bcf6dd11dab463604de861b722ed83dc6b973a20368c4d27314253cf5305f14f7d675340012e0282760a54eca1921912e17bfbe2b2b9327a3ab7ea299e9ca4c1efcd77b29f327d7a14faf890fa880e5a88997353b63d6f49f4c2c388263f80c212e653a4b3d93b9c44cd757f77ba37b940000000227e30da9c03e4caac389187f5aa159ff945afa38554563b106c8e5453dc11b957f572e5ecc750eba12c63f97bccf0521dee4f420ddfe5a1a65a0e23baaf72cb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB300391-DAAC-11EE-9782-6A55B5C6A64E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_ErrorPage_Search.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar6917.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90eb36f7e11a917fa3e489e56e4a1ca9
SHA1 4a7f2f93c2e86001ca5d71a96e7b9915ef269be4
SHA256 e410ab2d6b44c6d367102275c003e3a9266ba86fc5f035bae1b3c1139598de76
SHA512 ee5bd49ba926c6829012b89c8b083220e81d21505675f6bfb4686c794ecfa4db946dc35443e12cd1a1828f326580076620199438b967ce5301e2be22d09ca6f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d390405fc462dd2164f85f14709f53b
SHA1 c3ba50607ce08ad46b74b0cbf744545ffda4b247
SHA256 f9147d1e555aeae09deb488fc900a817cd1814b87a5aa90f3849c648379062f9
SHA512 34d2003a99654a1d5b989fe168acb610579c419daedf2558810f4c9d5e727a8c40441a99192bc884f9fce0c50c96160a062f452db84c76f5d5b753e6bb33b9af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7593485c477d0702d5b3b380f5bf5749
SHA1 be1526606c824fa10ae323698d97e80b1941348e
SHA256 930daea94efdcfefc0e902d20149084cd7bf0c71ab81a5fab6ef9eda6c62c181
SHA512 327846d0a74cdf02cc407f096e0b9419ca468d7f8e78becf2a26515929e58578fb2babc51ec5d490011d44824d9c65f87dbfac4b6c64a25dce6e0276dc05cf99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86ae0e8060d4ef848ed9a8913305ed45
SHA1 dba63f1ebaec7c4ffbe8d18ec9d6444c217de665
SHA256 15fa665275667acd1662cd6dda0befe0038d78e17e8c553e4bbee629df2d7fd1
SHA512 5e2100fea0996329d92def71b87cea8cd4a9ee856e1f6e6fd0dfff377a41a8c1119623d810900924eb0edeeccd3a2c9be7f77973bd2210ee19993f4e01247e14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c8de925cec0ff77cf3a7a770b00f2aa
SHA1 97ecf8148ebca194855d07443844c8fe107eee35
SHA256 fd769c79ad624a5e1aff5307acb3afcea7fb47777de425b52a7c63db259ed292
SHA512 3dbd68a8c6b7d50982390c7ef900c94d4c5a40169baad548bc4991ba2fe223f80612469048d91c545ae12794e67ddc3457a10256fc660ae6b16de7e959d4cd2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca7ad89aeeebd1d3ef830b2284041410
SHA1 8c242aa0bad72c5ec0c96dc6ab72c1b45588e9a9
SHA256 d339cc966713782cd7b54221348125e659ca751f8802d29e282ed351c5da4531
SHA512 852debd132b13661d3408fbf6d0f4b488ad00c3dabdf63496b3b96b68456e4d57771c36b57ee59005e6841a0f22bb3e6a45290e47050319fe0a320863b6b6a8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30c110fc6e5046be3d9350d431b3025c
SHA1 42b170e8da0d94ca0cf2bc3328743d42c020cc52
SHA256 d8d5206e763b4e17e01d6de6130e243dd0dea2dc3b47e8ce31bb67ed982d9c73
SHA512 f5a787e53f6aaf3c34942b1a0d8ff4692cdf5dd280439862bf602f573fb46510a8908fc03bbdf2dcdda6f1436d9910db4d2d7b01c8c67cae8002cdce803b9232

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a35ba13edbfec702b92fe759d773b6e5
SHA1 3c162ac2f687746d32182a5f9457575dccd66a7d
SHA256 c00132dffa66822e7595feb60e4c57e250c40a56ba74c7d58f71f0f424dcd794
SHA512 e1cc3d08828c1d2329be174f1428992ceb0870fad6a288d5d65ad7f6bf525f5df4f061347231858b0b9b8ac39c99f063ce0ff6b4e2f11938b95f5adbf304486a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7813ae096bbe235a558f25f4c7b43de0
SHA1 1b07ef551233cebd8e53b19291cb56bd503102b9
SHA256 319f6faff4fcf1bf9d7e5e6581f8919d3c3c5dc128c16beede4c986d98e016b4
SHA512 b42fbe076a4a260ff552b3607641ab2e7f92c406437caf483eb4d2d660e4fe41d478252cc7d6cd2c0178e932666f32587d95de3a41be84e8ebb829104ff7bfd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c92edd80d2244488d41fc2da9b41d40
SHA1 2ad2a5b99b130a9d3cc5d6b38688c8f5a546482c
SHA256 1ef2bdb9ec9e72e407947c378f40fa3466dc8df177c6249b482a6a6a981f4232
SHA512 77b69df1b86ac9f7621fb4d3bf74123032475260774e836fe80315729910c3917c347c6f7ebdac38e836cb4c9f3eba26fc53555654869cd9c7469b13985933cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 598d9133f8496c06e8733ec9f9ca0b37
SHA1 067daca6ca543688251fbfbf0e766d4a8a7381ee
SHA256 32bab912a33dc46cb925fb0df74d107e2b071f3f8294a6d54d9ad9a9304bd353
SHA512 5f55f29189277542911661ad66619997bb79fe05dc2cbb6d47b3d66a443012971e83618058bb01d9c57b5cfa817cf5269e01ed08635225142dcfd62be7f18710

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7f9a217b9bb84505adc1b749334cba8
SHA1 6a2388f72e0627f179fd0e5976431c841b686c9b
SHA256 a5ff3e023eaacab59a0d7a45d5601f64385e93f9b495cbf22b106c57c926ed75
SHA512 b049132855751c4a3b99f03a427e9dc36ceb7bd497e37e30b247a10bf1d4ee810aea28bc40701f75a08738c964a5ebdcb9c02a4ea3e79951003c80f2b7732648

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06ffdcc77e7ffbe9e6a62e1955c854d8
SHA1 9e142c77c5b713581eb3a1484c3ab7f186168195
SHA256 988e6aa0e0f71a12e7d3f53350796c7ad9ef04f00adcaa871eca85930691a471
SHA512 8bb8c0cb3e4a28be357a4849760b33538b18624f8a651f0a86c6aef7867e76fab18d2085e74f70b0b2fa7c35181fa5ae3e84c1b5c937ec9ca93eb1883c6eb9ca

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-05 04:58

Reported

2024-03-05 05:00

Platform

win7-20240221-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Top.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB565041-DAAC-11EE-9B26-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604e30d1b96eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000002d5cbe0e85379455a987e3a5698ea67412d338a7d1074fb64069df964682238d000000000e8000000002000020000000b41c2bb3d109f500e613da2a3547e263d54aabd8124c7f08aa79dfb63ce2ef5c90000000a43d1b686979ec013b5df761480aa47c47867513120513b310a7dc2230997df969f32452b38d22282a1d32f10398f6a49dbfe352643311a1a48ef0c45ecd3649cafde9ebdf9a1996889211849db669fe3c6adfe90ccda2d4ff29436dabce4680a14be8bcbfc7fa97dc9b90876541e47ef5c98464ad1eb6b6db484554d266c2ae16de5e20008737108036741a6c05eb8d400000009f7a706e41171b2946e242fb275aa9e170c2ac273d70c9a2a9978a772b8702b53860514149ab713fb9eba08e443c268ef04937a06129f955df6a12bd17777728 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000523f5e8fd775eca7eca018b2c731fc00de87e30c71b9a059673b6c27ae1f2e77000000000e800000000200002000000085a9c2e34e72df389313d255b349d40bbaad564c19f4bc273423c814d9336db92000000007532a7ac8c2737415e78a5b2b94d490b80a20a23f9916c50d0f1f8d4e4e7095400000002759f83659fe6aaa0e65639d4ac6f838a49d6a44a20f884c4fced1001016c8699ef8963a98b548e56b957f4737aea664dc455b90c8aa62617878ad280ae37f6e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415776596" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MiniIE\CN_MiniIE_StartPage_Top.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab80D4.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Cab8212.tmp

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar8225.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05997dda6fb16e736de779a70d256fa4
SHA1 9eb3ecf7007e0bc66236a17b5db7dbc5038462d2
SHA256 ee79a40116de2b2f8122b1cdfbc9f094227db38e647f79dd8316dc1d77fb49d2
SHA512 1cd9a9eab670a7593e7b2c2de2ab601d20aec6d9cab78f6e4be2b8162620d631dc78f1f0fcaca5c8bf6eedaba8096eb3f45e90007cb180f82c9d82b46533bfd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 411fe8fc59e165276c9d0e80e5d9b43b
SHA1 53bc6f36176764142649c14b53761e6f07f32049
SHA256 c6c6ddd25d5af0203544dc438d4958fe71d90ed7858e184385d91035661dec84
SHA512 5f022a4781cc8f7df0855c441a4ea111bfc80fcb51ebd5f527631e3351198ad71cc11fab07300e9fa49158855769e0233ff3de5a1eb38b5b4c03064b746137bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15364c2a5dd9c481139bf62204a8d7e0
SHA1 617e269cb4f97ecff223e1b53b055e94fbcff7c1
SHA256 f6a8c3026b1ad236a10f071889968448fcdc6eafcea3cf213cbbee31eac523ca
SHA512 22992334436a77b55eabafc006db92dda6768d185b84aad5a444bbc4e22740dfcb8ebac879a84ce7a3889edf9c63c939cbb5514a93c91f785ab230c5ec23cfa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21f948478d1170a18336af3ca07a5483
SHA1 1e0e393dd07fd74e93f80f1676dafff41a6e5af0
SHA256 bf5a8ded4f36f910439583c00dff45005d856e9f2d2aaca88c616f69a2ac2423
SHA512 79a2b6f72054fb1b74b7e3f8b9d47aa0b2f08e570d61624b857ef96602611cc79f1aa1d0eb6f7e50fa0aa4b9dd670d0676ed7e660907c58b7eecdbf12084e24f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a7546160348ffe0309b43fc1caad3d3
SHA1 aefdde01cdd81631c7dc65e5dc85c770baa948d8
SHA256 dbe34e154d33e9976ae47dc34ca3dd1f648843da02e781580c839bee99bf8993
SHA512 6754a7d8c92213c732e08830330762507253853bcf477c831ba2d07689520f887953c89a3c6cbc8fa80884bba3b5709792c20077f372abae2b33c08dbf0b3c0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 febec0155cea67a28b3b1e65e57e0abd
SHA1 8f5b27476086690220a5b85b17537463deae230e
SHA256 077cac8c7ba13dcbb26dd98afd3eafef214c76ac7f3933aa6a8ede6278c046f0
SHA512 adaac45c32ca75bbba27302ee07161602e2bf6306eeac8d8f8d976dfe91f51c3d34a7f756c3e4960ea35bb50eba16d3e94163aa80d0203c4d45f5ce4356ca734

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e5dd4997e8445e029fef59b3c90a204
SHA1 e1a474e1e8145b0d3b5b1b596a6ca6967adba0dc
SHA256 98c4bfa536d7391eb5a1630981fee20dee5c961a567bb42be8995a2c5edaae9b
SHA512 140f6c73373f026a13eb0bf2cd42c87ce610ce806566a1a0426426e3701baff3e25c00f9c381d6eed61b1a707a9fdb7400daaff1cad8246162d6ce78dcc06cff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca3a91d8ea5435cbda72df0e89027d77
SHA1 bb7f9d43a91573e3ffdd1172508913235dbafbf8
SHA256 e87fbf06c2df623b0f4117b1016bb1a6283b809ef563732061931886cea2bd7d
SHA512 69c89daf7bc218a4ac90fdedf2e9a7536814d9bff9c79c9a3ec23dd8e02df9e1e1d731b0c27a47d7be71b49a3344bbd025078151cc80a581e5581c5fada87ec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69e917b4c43fee249e1b74b258454cae
SHA1 02536024467a3a61ab5ccf57717a5dbc87e4656c
SHA256 22ff1116b09434e88fa0156eacc8007e5cb660cf9841fa0e6181c097c9b213bb
SHA512 b29fc2f76f7f1cf4c8132c91845b7d258f8494ef80973913b149cc5ca43e669788c80c7e20e1b1ba58923a2043bf9b50cec863277fcfbfb38282b2211cc31cc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45deedde2344d6aa29c0c889e9e8a2ee
SHA1 a53b781704fd72472cfc161191431e7b99b7545f
SHA256 0ea8a3b09e53641938b81c8e52909c17fa83bbbdaa55810abe5c20cf917d6baa
SHA512 f072ec4dc0d91a55635f0caffa111ba31e6ebed5d64ed66c8c0e7920de15e340d087668dc0e4688436b572d9ad6751a4edfab0471756d3866f8f44409ec3ecde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c74e579a1b954496fe9266749ae0bd50
SHA1 40452afce44fd2b79b5533f1597dfce35d95e18d
SHA256 2ea1654ad57ab28588a9604786a3f84badc4f16bba108fe5321a9d55b7cffca6
SHA512 e468675086447716aff85cb818736e0fa71bc970b329514ef9b8ce379a1aa45791bc753659f7e97581352ecc5dcf089ac102c723128ae69036383c48c3cd9fdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c6b4f3e86b82a4e4443b35dceb7c964
SHA1 ff0ffb8469a23dbfa242804495cce4bc2115edbd
SHA256 da65a702ec692f879c6f8f285991144a9eca9633d36518cdd90614515649cac9
SHA512 156a67b83faa1535e5572d5e36cedc33ed1327f3d7e38f7e94c6b4232baf58c7e1e289d86b0f16e712c1f7d50fe488d7cae1bfcffbec03c92c7490890fa0c318

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28afaa5ce039fdf3cab1de458da43aa8
SHA1 d0b7f4e46826cde194b4fb05e4a922da6ff2bfb6
SHA256 cc0977f5d7052a6f39f39a503b68e04d0fb785c582ba750b40fda06e53a442dc
SHA512 6d86c57c248bc2c9bb64115095fd96a96c7fa500ca8e65fcf8b6276fc39ed90b2e0539d89b096b60e671e522407b0ae82f148c11e818b7ecad438f8137ee31d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76b7b10d495f6304cd6229c26ff897f4
SHA1 d9baebfe2c4fabc8313b208c3f59cc726aa87041
SHA256 c24111782d1bb824c64c13d08409dc3b5f089e852660c5219d221c09ecc3cb4b
SHA512 5f91bc7f9fe9f905f12bfe9fad1153393db17187ef3e02efd001cbacd79087512a9377001c8af8a6c77efac2f47efca4b99c20b373bff882c83a2278dab24a03