Malware Analysis Report

2024-10-19 08:19

Sample ID 240613-wvtqba1gnq
Target .
SHA256 16b80c626cf46e6399977bed47826f5a02782d7e938125643b588a55726401a6
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

16b80c626cf46e6399977bed47826f5a02782d7e938125643b588a55726401a6

Threat Level: No (potentially) malicious behavior was detected

The file "." (submitted as an HTML document and opened in Internet Explorer, see the command line below) was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:14

Reported

2024-06-13 18:15

Platform

win7-20240221-en

Max time kernel

26s

Max time network

23s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9A07811-29B0-11EF-A8CB-6EAD7206CC74} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\spongebob-squarepants.software.informer.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\informer.com\Total = "322" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\informer.com\Total = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\spongebob-squarepants.software.informer.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\informer.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\informer.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e03a64a1bdbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\informer.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c74f9fee9dbb34996eaccf64453ccbb000000000200000000001066000000010000200000005494066d063fec19a70f8d863c3e91cfe5c13bb412c80d05e34611e63b6ec1f6000000000e80000000020000200000001295af6b544f215d9d042bbcd1745e108d2998bf3a4ed3e3f87e6ed02e9b5161200000008f95efcea4852d5c73cac76ab1a6d668977e27ffea0bd7cd9ac07df9c62bc6624000000046bbe0343e064a62633de6c58f9db04cf594fafe4433c4135277d57de448382f8620fde8c94d9c2f0893c0076f917e402ad48e4a92a3c658cc0c1eaaea8787aa C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\spongebob-squarepants.software.informer.com\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "340" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\spongebob-squarepants.software.informer.com\ = "322" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
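
The table above is a flattened export, one row per line: operation, key (with the value name appended for "Set value" rows), optional value, writing process, target. Every key in it sits under the user's Internet Explorer hive and is session housekeeping (DOMStorage quotas, Recovery, TabbedBrowsing, Window_Placement, WindowsSearch), not a change to where the browser navigates or what it loads, which is why the score stays at 1/10 despite the adware/spyware tag on the signature. The script below is an added example written for this page, not code from the report or from the sandbox that produced it. It parses rows in this format, groups them by IE sub-tree and writing process, and separates housekeeping writes from the value names an analyst actually cares about (start/search page, search-scope URLs, proxy settings, BHOs, Run keys). The sensitive-key list is the editor's own assumption, and the final control row is constructed to show the classifier firing; it does not occur in this report.

```python
import re
from collections import Counter

SID = "S-1-5-21-1298544033-3225604241-2703760938-1000"
IE = rf"\REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer"
FRAME = r"C:\Program Files\Internet Explorer\iexplore.exe"       # 64-bit frame process
TAB = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"  # 32-bit tab process

# Rows copied from the report's "Modifies Internet Explorer settings" table,
# one flattened row per line (SID and process paths via the shorthands above).
REPORT_ROWS = [
    rf'Set value (int) {IE}\Recovery\AdminActive\{{D9A07811-29B0-11EF-A8CB-6EAD7206CC74}} = "0" {FRAME} N/A',
    rf'Key created {IE}\Main\WindowsSearch {TAB} N/A',
    rf'Key created {IE}\DOMStorage\spongebob-squarepants.software.informer.com {TAB} N/A',
    rf'Set value (data) {IE}\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 {FRAME} N/A',
    rf'Set value (str) {IE}\Main\FullScreen = "no" {FRAME} N/A',
    rf'Set value (int) {IE}\DOMStorage\Total\ = "32" {TAB} N/A',
    rf'Set value (int) {IE}\SearchScopes\DownloadRetries = "3" {FRAME} N/A',
    rf'Set value (str) {IE}\Main\WindowsSearch\Version = "WS not running" {FRAME} N/A',
]
# CONSTRUCTED control row, not from the report: a start-page change the
# classifier must flag. example.invalid is a reserved name that never resolves.
CONTROL_ROW = rf'Set value (str) {IE}\Main\Start Page = "http://example.invalid/" {FRAME} N/A'

ROW = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>int|str|data)\)) "
    r"(?P<key>\\REGISTRY\\.+?)"          # non-greedy: ends where " = " or the process path starts
    r'(?: = (?P<value>"[^"]*"|\S+))?'    # quoted str/int value, or bare hex for (data)
    r" (?P<process>[A-Z]:\\.+?\.(?:exe|EXE)) (?P<target>\S+)$"
)

# Value names / key paths whose change alters where IE goes or what it loads.
# Editor's assumption for this example, not a rule taken from the sandbox.
SENSITIVE = [re.compile(p, re.IGNORECASE) for p in (
    r"\\Main\\(Start Page|Search Page|Default_Page_URL|Default_Search_URL|Local Page)$",
    r"\\SearchScopes\\\{[0-9A-F-]+\}\\URL$",
    r"\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL)$",
    r"\\Browser Helper Objects\\",
    r"\\CurrentVersion\\Run(Once)?(\\|$)",
)]

def parse_row(row):
    m = ROW.match(row)
    if not m:
        raise ValueError(f"unparsed row: {row!r}")
    d = m.groupdict()
    d["value"] = d["value"].strip('"') if d["value"] is not None else None
    # Key relative to the IE hive, so rows can be grouped by IE sub-tree.
    d["relkey"] = d["key"][len(IE) + 1:] if d["key"].startswith(IE + "\\") else d["key"]
    d["subtree"] = d["relkey"].split("\\", 1)[0]
    d["sensitive"] = any(p.search(d["key"]) for p in SENSITIVE)
    return d

def triage(rows):
    events = [parse_row(r) for r in rows]
    return {
        "events": len(events),
        "by_subtree": Counter(e["subtree"] for e in events),
        "by_process": Counter(e["process"] for e in events),
        "flagged": [e["relkey"] for e in events if e["sensitive"]],
    }

if __name__ == "__main__":
    for label, rows in (("report rows", REPORT_ROWS), ("with control row", REPORT_ROWS + [CONTROL_ROW])):
        r = triage(rows)
        print(label, dict(r["by_subtree"]), "flagged:", r["flagged"])
```

Run against the report rows the flagged list is empty and the writes split between the frame and tab processes exactly as the table shows; only the constructed control row trips the classifier. The same pattern list can be pointed at a full Tria.ge-style export to skip the housekeeping noise that this signature otherwise buries real browser hijacks in.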

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.informer.com udp
US 8.8.8.8:53 i.informer.com udp
US 104.22.17.194:443 i.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 8.8.8.8:53 hits.informer.com udp
US 204.155.159.109:443 hits.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 video.informer.com udp
US 208.94.233.126:443 video.informer.com tcp
US 208.94.233.126:443 video.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 spongebob-squarepants.software.informer.com udp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.178.2:443 www.googletagservices.com tcp
GB 142.250.178.2:443 www.googletagservices.com tcp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 software.informer.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.22.17.194:443 software.informer.com tcp
US 104.22.17.194:443 software.informer.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 204.155.159.109:443 hits.informer.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 8.8.8.8:53 d44a39d110cca4060a07c1fbe834f039.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 d44a39d110cca4060a07c1fbe834f039.safeframe.googlesyndication.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
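
Read as a whole, the table shows nothing beyond the page's own resources and its ad and analytics tags: every DNS query goes to the sandbox resolver 8.8.8.8, every TCP connection is to port 443, and the hosts fall into informer.com (the page, its images, hit counter and video host) plus Google ad-serving, analytics and consent domains. The script below is an added example (editor's code, not part of the report or the sandbox) that turns rows in this format into the checks a triager actually wants: unique endpoints, hosts grouped by registered domain, IPs fronting several names, names that were resolved but never connected to (fe0.google.com here), and any port or UDP destination outside what the report shows. It embeds a subset of the rows above as sample input, with the repeated rows left in; the last-two-labels domain grouping is a deliberate simplification.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the report's behavioral1 Network table (a subset, with the
# repeated rows kept as they appear): "<country> <ip>:<port> <domain> <proto>".
NETWORK_ROWS = """\
US 8.8.8.8:53 img.informer.com udp
US 8.8.8.8:53 i.informer.com udp
US 104.22.17.194:443 i.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 8.8.8.8:53 hits.informer.com udp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 spongebob-squarepants.software.informer.com udp
US 104.22.17.194:443 spongebob-squarepants.software.informer.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 d44a39d110cca4060a07c1fbe834f039.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 d44a39d110cca4060a07c1fbe834f039.safeframe.googlesyndication.com tcp
""".splitlines()

RESOLVER = ipaddress.ip_address("8.8.8.8")  # the only DNS server in the report
EXPECTED_PORTS = {53, 443}                    # anything else deserves a look

def parse_row(row):
    country, endpoint, domain, proto = row.split()
    ip, port = endpoint.rsplit(":", 1)
    return {"country": country, "ip": ipaddress.ip_address(ip),
            "port": int(port), "domain": domain, "proto": proto}

def registered_domain(fqdn):
    # Last-two-labels heuristic; fine for the .com names here, but a public
    # suffix list is needed before trusting it on names like example.co.uk.
    return ".".join(fqdn.split(".")[-2:])

def summarize(rows):
    events = [parse_row(r) for r in rows]
    lookups = {e["domain"] for e in events
               if e["proto"] == "udp" and e["port"] == 53 and e["ip"] == RESOLVER}
    connections = defaultdict(set)   # fqdn -> {"ip:port", ...}
    hosts_by_ip = defaultdict(set)   # ip -> {fqdn, ...}  (shared hosting / CDN fronts)
    for e in events:
        if e["proto"] == "tcp":
            connections[e["domain"]].add(f'{e["ip"]}:{e["port"]}')
            hosts_by_ip[str(e["ip"])].add(e["domain"])
    by_owner = defaultdict(set)
    for fqdn in connections:
        by_owner[registered_domain(fqdn)].add(fqdn)
    return {
        "unique_endpoints": sorted({ep for eps in connections.values() for ep in eps}),
        "connections": {k: sorted(v) for k, v in connections.items()},
        "by_owner": {k: sorted(v) for k, v in by_owner.items()},
        "shared_ips": {ip: sorted(v) for ip, v in hosts_by_ip.items() if len(v) > 1},
        # resolved but never connected to; here a Google host the page pre-resolved
        "lookup_only": sorted(lookups - set(connections)),
        "odd_ports": sorted({e["port"] for e in events} - EXPECTED_PORTS),
        "udp_not_to_resolver": sorted({e["domain"] for e in events
                                        if e["proto"] == "udp" and e["ip"] != RESOLVER}),
    }

if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    print(len(s["unique_endpoints"]), "endpoints across", len(s["connections"]), "hosts")
    for owner, hosts in sorted(s["by_owner"].items()):
        print(f"  {owner}: {', '.join(hosts)}")
    print("lookup only:", s["lookup_only"], "odd ports:", s["odd_ports"])
```

The "lookup_only", "odd_ports" and "udp_not_to_resolver" fields are the ones that would separate a benign page load from beaconing: a host resolved and then contacted on a non-standard port, or UDP to anything other than the sandbox resolver, does not appear in this report at all.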

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 adea3592797428f397b8711115934f0a
SHA1 5b908b55d0a00047305b6221559934fd5a48ce57
SHA256 7209f400b137597340efbf19fcf86c56c9289d667f10cd9ed372e2b958c1251e
SHA512 3efd0b9c22881ae6c97a753a93b53756e76f38df37ba377aa8e5d931a057072d97881e278ac0a22a24dd0b5ed6ed7cea1b2613079f03f8047d061c941422709d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f8aa1a291d20db704aff8dcc99c0782f
SHA1 52ce8f8661c98ed78ce5e778da3ee0a6063eee0d
SHA256 67e07cd7b225a0c1e39e6977f6c9605db430dc8bc953f619b8e6576c0bbc7d0e
SHA512 ad9c5756b501c2ab332eed9f82a3d8ab1efa36c1163bf875a249071ebc3ca12866c470396b42510f73a86117d56e074bdb4e82e55d8ce14f7028168a5a350cc1

C:\Users\Admin\AppData\Local\Temp\Cab204F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar20A0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\f[1].txt

MD5 2a897c2c21082ca2725f7b48c1ce20d3
SHA1 b484ed0b76b543331443ea50da57e430697c5046
SHA256 cdfff69581d7e56fe5c42f625d36435a28dd192a9af0e00c6fc220c60fa0ea1a
SHA512 7621f1954a958f03655a0e8bccc0ce8497fbcfdcbeae047d222a27daca9960e0a50a9ac227432c7255ce6afbff26493c47045b6c894d678ea130f5372580cc40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0C21F3C936D31B0E6C5B823B3406DFFC

MD5 f07b59f1d2f58ed38c40a1369c35a850
SHA1 dc0a594194263cc57b464ecac76fa1a07a2f31a2
SHA256 36d02702cff99e7faf4e8a622afc4acf963c77f6ae3751f83c55ced13c4023fc
SHA512 425523f68ea1a992418a7d31146a9ee9dc37709a24a556d14f478a58d383fa6d11018fb434f3d90fd7535ee631efe70ca99ab261661ff4924c688b1eea16bf89

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\footer4[1].js

MD5 75dc8c77dbd3a3245b95ef89af3b17f9
SHA1 14a099ec8e7063268bc9fa161177e6aeb3fff8f7
SHA256 67466b15c5aa4e57d1432761fd6a7e352acc9cbad12f7410ef66e4da6464045f
SHA512 682a8f1435766459320dd2351a1acdc2ad5a6e480b8ebf08046bacccfae6c315c8c8c57823119da80c22d79684ac4149268c7ca24e93afc0b46ac57449d4efc7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\js[1].js

MD5 ea2b731b2251dc41db8e3b9ff2698756
SHA1 45e3ed2969f91b9ac69884054dd83c688346381d
SHA256 2943efef5b1943ed96cc00f99c5134ce87fc01210f8e7322c635e54ec7a415ab
SHA512 49c45820d5fec3eb33efa43740b83f2dc793ce89b371f8103999ad864e963c5b6e48722764486399c4786d297c62908f4df0bb6d5fdcd7f7b55ca11a36055e2c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\SourceSansPro-SemiBold[1].woff

MD5 8099f571ccac0d27d8fedd2ce93e6e68
SHA1 aa49813df53e6a97d86412cc2c6db6903c6d4d97
SHA256 1967bc4d3f937e71a565c1d818aae0dc7d1ba9af9c1b25c32f8f5f3c0307ee2f
SHA512 b5d62ea1ce7d60fd0614e855e4eb141d8f2f04a0475395038f1e9b65d74e30ad396f6e30608e73c3bdf87520970d23022d8df82f4ca81cfe6ac209e1f5f5ee28

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\program-mac.min[1].js

MD5 85cd97b77114d8b947940876318ea390
SHA1 fb36265775c6318c860905a719d8bce4ec321a44
SHA256 3db61dbe2e3f43c2f156b1f88cd42b9874be8aa9ec8c80f34d83f58fb642ff50
SHA512 fafe1c1dc240703db540bba565700dde567e3e7c3369fa0f7ae0b5343aba8e61d93dd5e4cafa7fb88bc19c2acdfb666e2469ca25c29ec6cf5cb1d4edce7788ff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\hilight_software_v4[1].js

MD5 df2b65f9aa6bfdf2f51eb390adc0077b
SHA1 4d6b7fe42b33fa5f06c4e77e1f0bec6cb5636106
SHA256 ac96bb8d1cf0756789b6e64c4a87d265d5843018471484e50feb007fce0f2b57
SHA512 715d930212656e3f6953023f2e6dc01d3e33d49a94042daaa24ab9c11a68af67938c42bc69d6410617dc3d025aad38a1a1505e73366b81d66c9f0125c70e0535

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\achecker4[1].js

MD5 34e0166e5d261fd8c6a06a2386cb9d2c
SHA1 0796cdff55f52799711cb7c1ef82d597c7203890
SHA256 7421c349d9b315cbfd03321f038e30a5f66a4c0cb1fb59bbaa247a9840b8200c
SHA512 eb4fe54370a90ed65aef867f0fee2341aacb5a67c733e508f62c66703f4eba1502dd5fa8d5aa79398909572534e8d4ec9b51a449b6b5c65477ec4265c46ee65e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\f[1].txt

MD5 cf8c1fc778246152acf50eb960498b93
SHA1 2eb34733c16c71b9544bcc72397354c5e06272e2
SHA256 a394137a72418eabaae108f27a572ea2f9b0efe7ad7770d541ae67e585c4a52e
SHA512 2d38d88521360c476653f086a9176e8d53f7d7d84e59ca4bb34e1d74841472218d3f4a932944746aa87c180e8e40e6c6606f2f1ae939aa70d827e9475012e2d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 702e95b2328f3837551ad79b483a025e
SHA1 584e08cd5801fb864dab43f274b3dc3411c3f6ec
SHA256 50041610b397d15917d396d08d8945b7cb964d8b4727ad231ff5ae91db3ce789
SHA512 a6be9bb864277978b660bc3d9f74eaf6c0bcb2d46a9319b6d75824a49bf5ab1288a5c6baf98f3e06931f9d7e86c2197375b3768c809a44348ff0a8463d7cf8c1

C:\Users\Admin\AppData\Local\Temp\Tar3D13.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b252f497b9e59e05af72cd972ea7495d
SHA1 437d9a51d2be37cf7b3a4fc61c69cfc6a0c01349
SHA256 a4b1f33a83f4428c7df3d09eb337c1e0e4e36e097202c35c945378b868ac7729
SHA512 46ac34b0b82fb0882feb679ecf1162a6f029026e9ea2a5a4d952127976ae8400d6e79e1e1d6ff66a9d3746388fe7ef0fc0bed4e6786a80e28b98bdd5747583cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78a152ecaad7c0b7095f7e4ff232e363
SHA1 039455d69461d775ffbcfe0008880c40cf485ede
SHA256 f141223acd6be38070df822eec3379d5cafc4745679f892099fa87716120b0ad
SHA512 a584ac51ca092a72e2e47a42bb2df1059e7dfa2731ca4f7c534dad7833c646e2f4d19f44f2d833676f5e32b346ef0dbe96416cb2ee45c55640590bfbed67ed2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dda9f8ef4d1be7a7b3e01d66820570e
SHA1 8e95d2f15309c7ce0f36d9906df8a7c940e27f06
SHA256 b0c4936ec6f8085feef1043357afaa3512d5d8de69f6f2d30f1dd58975e59dbc
SHA512 b3236924d101684ddfdaa420326da6c8dffb66adeea2941dfabb629dd89b6cd8db4d97eca48a41a4166db7d458ce1888a06189d6eec3aafa11d3f82e6ccc8eb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fd35adaa3c0837919dfdf47416e18e6
SHA1 ff2ac014c3e85d545b70cb1e61604cc5938c8564
SHA256 ee96c136ab916cb72b6bfd85d4b0b273779cbf2dd0490a877c275ef29fc1ab41
SHA512 e0387536c83f75b7864c052bed5ebcc1ae6f91cc50a5bf63bb74f603f885db67d54abb1e2d56aa870638e53830892eb6cd6a5d71c842b46374fdfde0e4f26dd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 623e5ea93edefd69fed587387944699e
SHA1 9cc64c9f422513e7c88f59c25d68e4dc8f07ade3
SHA256 84af2ab4c2990fca06c47231c347ecc91f74744fe7faed5986db3233a20adfa6
SHA512 465716f26c5a0a923b46d8f813b09ae0193666ddbb7a0c473f3a2222be5e96e2f7903e5aa88a4ea126f5011516ba86e3592e85966385d62112e182ffa5f77ef1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

MD5 eed669e99da685e18b2a6ec0907d3e9e
SHA1 f043b9a9a4d3d2eb7ae8d551ce97ff3f6cf54f9c
SHA256 dc22a0129343069a8f0794608edbc7c7e2cba74316df31655f75bcf29af44403
SHA512 9bd89d965ffb4fa46c227eb139c962377c7b64d9ae1641e57d28ae7ce6b855415bed468572109357319fd482e0dcc5b669df1ebe54377954d5a32a3ed931eefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3314cc6be0fc192fdf8461362f485be
SHA1 a293ffaadb86c75403acbba830087ebcd822b5e8
SHA256 6fd9942d31297eb775c28e6210bbc71ec0afdc906eb0cfa59d1c1f967851c20b
SHA512 0fd6b7d56bc58c21810e32b61333425c182625d9d063735954d57222f8fc79c56d5c41ab08d825ed039c41e926ecc11431acc892e210d40b8ad1788a2db921e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94fe5132b2bf55633bd0589d04b44f2a
SHA1 5dd76f2951bfc7c4b377d35dddbe9bf88442e2e0
SHA256 68b683101dfec443e4e66b20de7d00bc712a9accf0b370cadf89324041bd5e70
SHA512 68b55befa4246a036bc2d431271dd8780521873d7c3ddaaad00a113d9904db1c8a2e49c50e15e663a9cc1d8c6472b699dc94d9b84faa30341ddcca9ba03bd918

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a14df8eea52ac86b6b1efe540dd43aa1
SHA1 a2e53f6e6d1c40be0f6786a8a365e6b5c70b95a3
SHA256 23f8858c836f1108393c369fd06031df9f3cbbafe732381e0fff0e716a109325
SHA512 048e0670b93bacdb0130dc1105b8270f1efcc0a5aff52dc67fed6d6cb26d1bcfd339f619c1802891c2cceb4db797a14203a1d157fc49a7ec431b800c2a897732

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\si_icon_16[1].png

MD5 4608a4f74b97cbc9324bfc529c84fcb4
SHA1 d009c99eb932bc4e1184395b0f0b05918886edc7
SHA256 a2b96979e5cb0285b5324daa813c1d7d2a5463409543ddfa186653cc082e46d9
SHA512 7f477412f5be0689cdd63e53439f0b156f511146c6489e717bc65a045bca2a7364a14686463d284e4df607299e91983c62d6adc79e420b91c57910f3210e3cbd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat

MD5 16fe2df9f98ce26b996358188692be5b
SHA1 01b01d8530a714a82fb813cd48ca348ebd84dc6b
SHA256 f00b0ddbb35482106ae365e406475b8a653fffaaa36174f738e47c89ee3a941d
SHA512 e390b03fc437cb85e55e2acba5a932cee19cb99612248c147dc6eb48a0bb6ec8dfd0b51274a802eb674131780593a8b2a83486baa06be8a58cb738bd733256d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1ee428619fd0c32864f5468c34da0f9
SHA1 ef6f918f1e4a07ee4a295a00977baeeac8b98224
SHA256 7ed2e5e8e4070018c1b404b19ab69bd8b268246e80e35e52313f0868c2cb1c50
SHA512 fa92a47f26d5bffe03e407c2eb03d656b65e3ca03ae42ed65415591269ca5ca4e626181e6b5b5fc40edfcecaa752b65c4a01d017cf881aa9c27c792d88057a3b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\PFM4SUK4\spongebob-squarepants.software.informer[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\sodar2[1].js

MD5 2cc87e9764aebcbbf36ff2061e6a2793
SHA1 b4f2ffdf4c695aa79f0e63651c18a88729c2407b
SHA256 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
SHA512 4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\v7vy2rkjwnBS7GaGPCj4lDHg7-uqoQBgCnu8qUCxaM0[1].js

MD5 bf735e758a2d6f078e2cf03e6da174f0
SHA1 ebf369b18285533679ea285fa27223dad500c83d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 18:14

Reported

2024-06-13 18:15

Platform

win10v2004-20240226-en

Max time kernel

39s

Max time network

44s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4956 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5084 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=1412 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

Network

Country Destination Domain Proto

Files

N/A